Hi,
On 15 September 2010 08:05, Tatarnikov Alexander cank...@gmail.com wrote:
Hello!
I have function wich check user credentials and if test passed function must
create new user with generated username and password.
Language is plpgsql.
so question is how to unembrace this parameter (i
2010/9/15 Tatarnikov Alexander cank...@gmail.com:
Thanks for response!
Here is function
CREATE USER creds.userName WITH PASSWORD creds.userPassword
IN GROUP ta_users; - there is error occured
You can not use variables for non-data entities. Use the dynamic SQL instead:
EXECUTE
-Original Message-
From: Tatarnikov Alexander [mailto:cank...@gmail.com]
Sent: Wednesday, September 15, 2010 12:05 AM
To: pgsql-sql@postgresql.org
Subject: Use CREATE USER in plpgsql function
Hello!
I have function wich check user credentials and if test
passed function
And dynamic SQL leads easily to SQL injection so quoting is required there.
execute 'create user ' || quote_ident(i_username) || ' password ' ||
quote_literal(i_password);
On Wed, Sep 15, 2010 at 5:26 PM, Igor Neyman iney...@perceptron.com wrote:
-Original Message-
From:
-Original Message-
From: Asko Oja [mailto:asc...@gmail.com]
Sent: Wednesday, September 15, 2010 2:29 PM
To: Igor Neyman
Cc: Tatarnikov Alexander; pgsql-sql@postgresql.org
Subject: Re: [SQL] Use CREATE USER in plpgsql function -
Found word(s) list error in the Text body
From: Asko Oja [mailto:asc...@gmail.com]
Sent: Wednesday, September 15, 2010 2:29 PM
To: Igor Neyman
Cc: Tatarnikov Alexander; pgsql-sql@postgresql.org
Subject: Re: [SQL] Use CREATE USER in plpgsql function - Found
word
...@gmail.com]
*Sent:* Wednesday, September 15, 2010 2:29 PM
*To:* Igor Neyman
*Cc:* Tatarnikov Alexander; pgsql-sql@postgresql.org
*Subject:* Re: [SQL] Use CREATE USER in plpgsql function - Found word(s)
list error in the Text body
And dynamic SQL leads easily to SQL injection so quoting
Hello!
I have function wich check user credentials and if test passed function must
create new user with generated username and password.
Language is plpgsql.
For example:
DECLARE creds RECORD;
...
SELECT * INTO creds FROM ...
creds is Record with fields userName(VARCHAR) and