[英]clean way to detect if current_query() is a prepared statement?
Does anyone know a good way to detect if the result from current_query()
is a prepared statement or not? 有没有人知道检测current_query()
的结果是否是预备语句的好方法?
I seems that I can't simply use a string function because this would be an exampe for a prepared statement: 我似乎不能简单地使用字符串函数,因为这将是一个准备好的语句的例子:
UPDATE table SET "x" = $1 WHERE "y" = $2 AND "z" = $3
But this would not: 但这不会:
UPDATE table SET "x" = '$1 + $2 = $3' WHERE "y"='$1' AND "z" = 1
Is there maybe another function I can use together with / instead of current_query()
or do you have any other ideas? 是否有其他功能我可以和/而不是current_query()
一起使用,或者你有其他想法吗?
You may be able to detect if current_query() is a prepared statement by looking for \\$[[:digit:]]
after stripping the text of all strings. 在剥离所有字符串的文本后,您可以通过查找\\$[[:digit:]]
来检测current_query()是否为预准备语句。 The following query would do, however it may fail in cases of intricate quote nesting: 以下查询可以执行,但在复杂引用嵌套的情况下可能会失败:
with
queries(curr_query) as (
values ($$UPDATE table SET "x" = '$1||''a'' + $2 = $3' WHERE "y"='$1' AND "z" = 1$$),
($$UPDATE table SET "x" = $r1$a$r1$||$1 WHERE "y" = $2 AND "z" = $3||$r1$b$r1$ $$),
($$UPDATE table SET "x" = $1 WHERE "y" = $2 AND "z" = $3$$)
),
stripped as (
select *,
regexp_replace(
regexp_replace(
regexp_replace(curr_query, '(["'']).*?\1', '', 'g'),
'\$([[:alpha:]]*?)\$.*?\$\1\$', '', 'g'),
'\$([[:alpha:]][[:alnum:]]*?)\$.*?\$\1\$', '', 'g') as stripped_query
from queries
)
select *, stripped_query ~ '\$[[:digit:]]' AS is_prepared
from stripped
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.