2009/8/26 A. Kretschmer <andreas.kretsch...@schollglas.com>:
> In response to Nacef LABIDI :
>> Hi all,
>>
>> I want to write a function that takes as param a comma separated values
>> string
>> and perform a select matching these values.
>>
>> Here is the string '1,3,7,8'
>>
>> And I want to perform a : SELECT * FROM my_table WHERE id IN (1, 3, 7, 8);
>
> Use EXECUTE sql_string, see
> http://www.postgresql.org/docs/8.4/interactive/plpgsql-control-structures.html
>
> For instance, simple example, untested:
>

Hello

> create function foo (my_string text) returns setof record as $$
> declare
>   sql text;
> begin
>   sql:='SELECT * FROM my_table WHERE id IN (' || $1 || ')';
>   return query execute sql;
> end;
> $$ language plpgsql;
>

It's a dangerous solution - there can be an SQL injection attack

regards
Pavel Stehule

> The variable sql contains the whole query, and then execute that.
>
> HTH, Andreas
> --
> Andreas Kretschmer
> Kontakt: Heynitz: 035242/47150, D1: 0160/7141639 (mehr: -> Header)
> GnuPG-ID: 0x3FFF606C, privat 0x7F4584DA http://wwwkeys.de.pgp.net
>
> --
> Sent via pgsql-sql mailing list (pgsql-sql@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-sql
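
An added example, not part of the original thread: two ways to write the requested function so that the comma-separated string is only ever handled as data. The function names `foo_static` and `foo_dynamic`, the `label` column and the sample rows are assumptions made for illustration; `my_table` and `id` come from the question.

```sql
-- Constructed sample table; the thread only names my_table and its id column.
CREATE TABLE my_table (id integer PRIMARY KEY, label text);
INSERT INTO my_table VALUES (1, 'a'), (3, 'b'), (5, 'c'), (7, 'd'), (8, 'e');

-- Variant 1: no dynamic SQL at all.
CREATE FUNCTION foo_static(my_string text) RETURNS SETOF my_table AS $$
DECLARE
    ids integer[];
BEGIN
    -- The cast raises an error unless every element is an integer,
    -- so the input never becomes part of the query text.
    ids := string_to_array(replace(my_string, ' ', ''), ',')::integer[];
    RETURN QUERY SELECT * FROM my_table WHERE id = ANY (ids);
END;
$$ LANGUAGE plpgsql STABLE;

-- Variant 2: EXECUTE is kept, but the value is bound with USING
-- instead of being concatenated into the SQL string.
CREATE FUNCTION foo_dynamic(my_string text) RETURNS SETOF my_table AS $$
BEGIN
    RETURN QUERY EXECUTE 'SELECT * FROM my_table WHERE id = ANY ($1)'
        USING string_to_array(replace(my_string, ' ', ''), ',')::integer[];
END;
$$ LANGUAGE plpgsql STABLE;

-- Normal use with the string from the question.
SELECT * FROM foo_static('1, 3, 7, 8');
SELECT * FROM foo_dynamic('1,3,7,8');

-- Constructed input carrying SQL syntax. Concatenated into the query text it
-- would read "id IN (1) OR (1=1)"; here both functions fail at the integer[] cast.
SELECT * FROM foo_static('1) OR (1=1');
SELECT * FROM foo_dynamic('1) OR (1=1');
```

Because these functions return `SETOF my_table` instead of `SETOF record`, callers do not need to supply a column definition list.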