On Fri, May 27, 2016 at 6:02 AM, Craig Ringer <cr...@2ndquadrant.com> wrote:
> > COPY FROM $1 TO 'myfilename' > > Random thought - how about at least making the following work: For the following pretend that "STRING" has the same behavior as the "format(...)" function. EXECUTE STRING('COPY %I TO %L', 'testtable', 'testfile.txt'); <(conceptually similar to: EXECUTE format('COPY %I TO %L', 'testtable', 'testfile.txt')> This doesn't solve the knowledge problem but at least provides an idiomatic way to execute dynamic SQL without pl/pgsql and without forcing the client library to take responsibility for proper data massaging in order to eliminate sql injection. As an extension making: PREPARE name STRING('COPY %I TO %L', ?, ?); EXECUTE name STRING USING ('testtable', 'testfile.txt'); David J.