Table name as a PostgreSQL function parameter

by

This can be further simplified and improved:

CREATE OR REPLACE FUNCTION some_f(_tbl regclass, OUT result integer)
    LANGUAGE plpgsql AS
$func$
BEGIN
   EXECUTE format('SELECT (EXISTS (SELECT FROM %s WHERE id = 1))::int', _tbl)
   INTO result;
END
$func$;

Call with schema-qualified name (see below):

SELECT some_f('myschema.mytable');  -- would fail with quote_ident()

Or:

SELECT some_f('"my very uncommon table name"');

Major points

Use an OUT parameter to simplify the function. You can directly select the result of the dynamic SQL into it and be done. No need for additional variables and code.

EXISTS does exactly what you want. You get true if the row exists or false otherwise. There are various ways to do this, EXISTS is typically most efficient.

You seem to want an integer back, so I cast the boolean result from EXISTS to integer, which yields exactly what you had. I would return boolean instead.

I use the object identifier type regclass as input type for _tbl. That does everything quote_ident(_tbl) or format('%I', _tbl) would do, but better, because:

  • .. it prevents SQL injection just as well.

  • .. it fails immediately and more gracefully if the table name is invalid / does not exist / is invisible to the current user. (A regclass parameter is only applicable for existing tables.)

  • .. it works with schema-qualified table names, where a plain quote_ident(_tbl) or format(%I) would fail because they cannot resolve the ambiguity. You would have to pass and escape schema and table names separately.

It only works for existing tables, obviously.

I still use format(), because it simplifies the syntax (and to demonstrate how it’s used), but with %s instead of %I. Typically, queries are more complex so format() helps more. For the simple example we could as well just concatenate:

EXECUTE 'SELECT (EXISTS (SELECT FROM ' || _tbl || ' WHERE id = 1))::int'

No need to table-qualify the id column while there is only a single table in the FROM list. No ambiguity possible in this example. (Dynamic) SQL commands inside EXECUTE have a separate scope, function variables or parameters are not visible there – as opposed to plain SQL commands in the function body.

Here’s why you always escape user input for dynamic SQL properly:

db<>fiddle here demonstrating SQL injection
Old sqlfiddle

More Related Contents:

  1. Define table and column names as arguments in a plpgsql function?
  2. No function matches the given name and argument types
  3. Refactor a PL/pgSQL function to return the output of various SELECT queries
  4. INSERT with dynamic table name in trigger function
  5. Difference between language sql and language plpgsql in PostgreSQL functions
  6. Truncating all tables in a Postgres database
  7. PostgreSQL parameterized Order By / Limit in table function
  8. Committing transactions while executing a postgreql Function
  9. Execute a dynamic crosstab query
  10. Can I make a plpgsql function return an integer without using a variable?
  11. Dynamic SQL (EXECUTE) as condition for IF statement
  12. DROP FUNCTION without knowing the number/type of parameters?
  13. Test for null in function with varying parameters
  14. Return SETOF rows from PostgreSQL function
  15. Error when setting n_distinct using a plpgsql variable
  16. Dynamically generate columns for crosstab in PostgreSQL
  17. Function to loop through and select data from multiple tables
  18. COPY with dynamic file name
  19. Format specifier for integer variables in format() for EXECUTE?
  20. “Parameter” vs “Argument” [duplicate]
  21. Procedure with assumed-shape dummy argument must have an explicit interface [duplicate]
  22. How to set value of composite variable field using dynamic SQL
  23. Return multiple fields as a record in PostgreSQL with PL/pgSQL
  24. Jump to function definition
  25. Returning from a function with OUT parameter
  26. SQL update fields of one table from fields of another one
  27. Is there a way to get a vector with the name of all functions that one could use in R?
  28. What are the differences between functions and methods in Swift?
  29. PL/pgSQL functions: How to return a normal table with multiple columns using an execute statement
  30. Proper use of modules in Fortran

Leave a Comment