Trying to figure out how to make prepared statements work in plpgsql in order to sanitize my code.
PREPARE statements(text, text, text, text, text, text, text, text, text, text, text, text) AS
'SELECT
*
FROM
articles
WHERE
' || $1 || ' AND
' || $2 || ' AND
primary_category LIKE ''' || $3 || ''' AND
' || $4 || ' AND
' || $5 || ' AND
' || $6 || ' AND
' || $7 || ' AND
' || $8 || ' AND
' || $9 || ' AND
' || $10 || ' AND
' || $11 || ' AND
is_template = ' || $12 || ' AND
status <> ''DELETED''
ORDER BY ' || $13 || ' LIMIT 500';
RETURN QUERY EXECUTE statements(search_term, publication_date_query, category_filter, tags_query, districts_query, capability_query, push_notification_query, distance_query, revision_by, publication_priority_query, status_query, only_templates, order_by);
The above code returns
ERROR: syntax error at or near "'SELECT
*
FROM
articles
WHERE
'"
LINE 67: 'SELECT
I declare my variables like so:
DECLARE
tags_query text := 'true';
BEGIN
IF char_length(search_term) > 0 THEN
order_by := 'ts_rank_cd(textsearchable_index_col, to_tsquery(''' || search_term || ':*''))+GREATEST(0,(-1*EXTRACT(epoch FROM age(last_edited)/86400))+60)/60 DESC';
search_term := 'to_tsquery(''' || search_term || ':*'') @@ textsearchable_index_col';
ELSE
search_term := 'true';
END IF;
...
I am new at this, so please don't freak out immediately if it is something silly I did not notice.
Edit: PostgreSQL Version 9.6
Edit: I am aware of the documentation.
I see more issues.

The SQL EXECUTE command is different from the PL/pgSQL EXECUTE command. The parameter of the PL/pgSQL EXECUTE command is a SQL string, not the name of a prepared command. There is no clean way to execute an explicitly prepared SQL command from PL/pgSQL. So the combination PREPARE cmd(); EXECUTE cmd() in PL/pgSQL makes no sense.
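To illustrate the answer's point (PL/pgSQL EXECUTE takes a SQL string, so the sanitization the question is after comes from EXECUTE ... USING and format() rather than from PREPARE), here is an added example that is neither the asker's nor the answerer's code. It assumes a table named articles with the columns the question references (primary_category, is_template, status, last_edited, textsearchable_index_col); the function name search_articles and the allowed order_by values are made up for the example. Every user-supplied value is bound as a $n parameter and never concatenated into the query text, and the only dynamic identifier goes through format('%I') after a whitelist check.

```sql
-- Added example (not from the original post): safe dynamic SQL in PL/pgSQL
-- on PostgreSQL 9.6. Assumes table "articles" with the columns named above.
CREATE OR REPLACE FUNCTION search_articles(
    search_term      text,
    category_filter  text,
    only_templates   boolean,
    order_by         text DEFAULT 'last_edited'   -- a column NAME, never SQL
)
RETURNS SETOF articles
LANGUAGE plpgsql
AS $$
DECLARE
    sql      text;
    has_term boolean := char_length(coalesce(search_term, '')) > 0;
BEGIN
    -- Identifiers cannot be bound with USING, so restrict order_by to a
    -- whitelist (hypothetical set chosen for the example) and quote it
    -- with %I as a second line of defence.
    IF order_by NOT IN ('last_edited', 'primary_category', 'rank') THEN
        RAISE EXCEPTION 'unsupported order_by: %', order_by;
    END IF;
    IF order_by = 'rank' AND NOT has_term THEN
        RAISE EXCEPTION 'order_by = rank requires a search_term';
    END IF;

    -- Static part of the statement; values are referenced as $1..$3 and
    -- supplied by the USING clause below.
    sql := 'SELECT * FROM articles'
        || ' WHERE status <> ''DELETED'''
        || ' AND is_template = $1';

    IF has_term THEN
        -- The ':*' prefix-match suffix is appended inside SQL to the bound
        -- parameter, so the user text never becomes part of the query text.
        sql := sql
            || ' AND to_tsquery($2 || '':*'') @@ textsearchable_index_col';
    END IF;

    IF category_filter IS NOT NULL THEN
        -- Bound as a value: quotes in the input cannot break the statement.
        -- Note that LIKE wildcards (% and _) in the input still act as
        -- wildcards; escape them first if that is not wanted.
        sql := sql || ' AND primary_category LIKE $3';
    END IF;

    IF order_by = 'rank' THEN
        sql := sql
            || ' ORDER BY ts_rank_cd(textsearchable_index_col,'
            || ' to_tsquery($2 || '':*'')) DESC';
    ELSE
        -- %I double-quotes the identifier (and doubles embedded quotes).
        sql := sql || format(' ORDER BY %I', order_by);
    END IF;

    sql := sql || ' LIMIT 500';

    -- PL/pgSQL EXECUTE: the string is the command, USING binds $1..$3.
    -- Parameters that a particular branch does not reference are harmless.
    RETURN QUERY EXECUTE sql
        USING only_templates, search_term, category_filter;
END;
$$;

-- Usage (category_filter is NULL, so that predicate is omitted):
-- SELECT * FROM search_articles('budget', NULL, false, 'rank');
```

The design choice worth noting is the split between values and identifiers: values (search text, category pattern, the template flag) are passed through USING so the server plans them as parameters, while the one thing that genuinely has to be spliced into the query text, the ORDER BY column, is constrained to a fixed list and quoted with %I. That is the same separation PREPARE gives a client-side caller, expressed with the tool PL/pgSQL actually provides.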