Are there any escaping syntax for psql variable inside PostgreSQL functions?
I write PSQL script and using variables (for psql --variable key=value commandline syntax).
This works perfectly for top level scope like select * from :key, but I create functions with the script and need variable value inside them.
So, the syntax like
create function foo() returns void as
$$
declare
begin
grant select on my_table to group :user;
end;
$$
language plpgsql;
fails at :user.
As far as I understand psql variables is a plain macro substitution feature, but it doesn't process function bodies. Are there any escaping syntax for such cases? Surrounding :us开发者_如何学Pythoner with $$ works regarding substitution, but psql fails at $$.
Are there any other way to do this besides standalone macro processing (sed, awk, etc)?
PSQL SET
variables aren't interpolated inside dollar-quoted strings. I don't know this for certain, but I think there's no escape or other trickery to turn on SET
variable interpolation in there.
One might think you could wedge an unquoted :user
between two dollar-quoted stretches of PL/pgSQL to get the desired effect. But this doesn't seem to work... I think the syntax requires a single string and not an expression concatenating strings. Might be mistaken on that.
Anyway, that doesn't matter. There's another approach (as Pasco noted): write the stored procedure to accept a PL/pgSQL argument. Here's what that would look like.
CREATE OR REPLACE FUNCTION foo("user" TEXT) RETURNS void AS
$$
BEGIN
EXECUTE 'GRANT SELECT ON my_table TO GROUP ' || quote_ident(user);
END;
$$ LANGUAGE plpgsql;
Notes on this function:
EXECUTE
generates an appropriateGRANT
on each invocation using on our procedure argument. The PG manual section called "Executing Dynamic Commands" explainsEXECUTE
in detail.- The declaration of procedure argument
user
must be double quoted. Double quotes force it to be interpreted as an identifier.
Once you define the function like this, you can call it using interpolated PSQL variables. Here's an outline.
- Run
psql --variable user="'whoever'" --file=myscript.sql
. Single quotes are required around the username! - In myscript.sql, define function like above.
- In myscript.sql, put
select foo(:user);
. This is where we rely on those single quotes we put in the value ofuser
.
Although this seems to work, it strikes me as rather squirrely. I thought SET
variables were intended for runtime configuration. Carrying data around in SET
seems odd.
Edit: here's a concrete reason to not use SET
variables. From the manpage: "These assignments are done during a very early stage of startup, so variables reserved for internal purposes might get overwritten later." If Postgres decided to use a variable named user
(or whatever you pick), it could overwrite your script argument with something you never intended. In fact, psql already takes USER
for itself -- this only works because SET
is case sensitive. This very nearly broke things from the start!
You could use the method Dan LaRocque describes to make it kind of hack'ishly work (not a knock at Dan) - but psql is not really your friend for doing this kind of work (assuming this kind of work is scripting and not one-off things). If you've got a function, rewrite it to take a parameter like so:
create function foo(v_user text) returns void as
$$
begin
execute 'grant select on my_table to group '||quote_ident(v_user);
end;
$$
language plpgsql;
(quote_ident() makes it so you don't have to assure the double-quotes, it handles all that.)
But then use a real scripting language like Perl, Python, Ruby, etc that has a Postgres driver to invoke your function with a parameter.
Psql has its place, I'm just not sure that this is it.
Actually, there's a way in more modern versions of psql
.
Since the function body has to be a string constant and psql
does not perform variable interpolation within string constants we have to resort to assembling the function body in a separate first step:
select format($gexec$
create function foo() returns void as
$$
begin
grant select on my_table to group %I;
end;
$$
language plpgsql;
$gexec$, :'user') \gexec
The trailing \gexec
command
- executes the "outer" query using the format function to produce the desired query sting and then
- executes the produced query string as a query.
精彩评论