Skip to content
Advertisement

Refactor a PL/pgSQL function to return the output of various SELECT queries

I wrote a function that outputs a PostgreSQL SELECT query well formed in text form. Now I don’t want to output a text anymore, but actually run the generated SELECT statement against the database and return the result – just like the query itself would.

What I have so far:

sensors holds the list of column names for the table type. Those are declared and filled in the course of the function. Eventually, they hold values like:

  • sensors: 'column1, column2, column3'
    Except for Datahora (timestamp) all columns are of type double precision.

  • type :'myTable'
    Can be the name of one of four tables. Each has different columns, except for the common column Datahora.

Definition of the underlying tables.

The variable sensors will hold all columns displayed here for the corresponding table in type. For example: If type is pcdmet then sensors will be 'datahora,dirvento,precipitacao,pressaoatm,radsolacum,tempar,umidrel,velvento'

The variables are used to build a SELECT statement that is stored in result. Like:

Right now, my function returns this statement as text. I copy-paste and execute it in pgAdmin or via psql. I want to automate this, run the query automatically and return the result. How can I do that?

Advertisement

Answer

Dynamic SQL and RETURN type

(I saved the best for last, keep reading!)
You want to execute dynamic SQL. In principal, that’s simple in plpgsql with the help of EXECUTE. You don’t need a cursor – in fact, most of the time you are better off without explicit cursors.
Find examples on SO with a search.

The problem you run into: you want to return records of yet undefined type. A function needs to declare the return type with the RETURNS clause (or with OUT or INOUT parameters). In your case you would have to fall back to anonymous records, because number, names and types of returned columns vary. Like:

However, this is not particularly useful. This way you’d have to provide a column definition list with every call of the function. Like:

But how would you even do this, when you don’t know the columns beforehand?
You could resort to a less structured document data types like json, jsonb, hstore or xml:

But for the purpose of this question let’s assume you want to return individual, correctly typed and named columns as much as possible.

Simple solution with fixed return type

The column datahora seems to be a given, I’ll assume data type timestamp and that there are always two more columns with varying name and data type.

Names we’ll abandon in favor of generic names in the return type.
Types we’ll abandon, too, and cast all to text since every data type can be cast to text.

How does this work?

  • The variables _sensors and _type could be input parameters instead.

  • Note the RETURNS TABLE clause.

  • Note the use of RETURN QUERY EXECUTE. That is one of the more elegant ways to return rows from a dynamic query.

  • I use a name for the function parameter, just to make the USING clause of RETURN QUERY EXECUTE less confusing. $1 in the SQL-string does not refer to the function parameter but to the value passed with the USING clause. (Both happen to be $1 in their respective scope in this simple example.)

  • Note the example value for _sensors: each column is cast to type text.

  • This kind of code is very vulnerable to SQL injection. I use quote_ident() to protect against it. Lumping together a couple of column names in the variable _sensors prevents the use of quote_ident() (and is typically a bad idea!). Ensure that no bad stuff can be in there some other way, for instance by individually running the column names through quote_ident() instead. A VARIADIC parameter comes to mind …

Simpler with PostgreSQL 9.1+

With version 9.1 or later you can use format() to further simplify:

Again, individual column names could be escaped properly and would be the clean way.

Variable number of columns sharing the same type

After your question updates it looks like your return type has

  • a variable number of columns
  • but all columns of the same type double precision (alias float8)

As we have to define the RETURN type of a function I resort to an ARRAY type in this case, which can hold a variable number of values. Additionally, I return an array with column names, so you could parse the names out of the result, too:


Various complete table types

If you are actually trying to return all columns of a table (for instance one of the tables at the linked page, then use this simple, very powerful solution with a polymorphic type:

Call (important!):

Replace pcdmet in the call with any other table name.

How does this work?

  • anyelement is a pseudo data type, a polymorphic type, a placeholder for any non-array data type. All occurrences of anyelement in the function evaluate to the same type provided at run time. By supplying a value of a defined type as argument to the function, we implicitly define the return type.

  • PostgreSQL automatically defines a row type (a composite data type) for every table created, so there is a well defined type for every table. This includes temporary tables, which is convenient for ad-hoc use.

  • Any type can be NULL. So we hand in a NULL value, cast to the table type: NULL::pcdmet.

  • Now the function returns a well-defined row type and we can use SELECT * FROM data_of(...) to decompose the row and get individual columns.

  • pg_typeof(_tbl_type) returns the name of the table as object identifier type regtype. When automatically converted to text, identifiers are automatically double-quoted and schema-qualified if needed. Therefore, SQL injection is not a possible. This can even deal with schema-qualified table-names where quote_ident() would fail.

User contributions licensed under: CC BY-SA
7 People found this is helpful
Advertisement