Tip
Danger of SQL injection!
As we have neither executed a prepare() method and then an execute() method with arguments after it, nor used the plpy.quote_literal() method (both techniques are discussed later) to safely quote the username before merging it into the query, we are open to a security flaw known as SQL injection. So, make sure that you only let trusted users call this function or supply the username argument.
Calling the function defined via any of these three CREATE commands will look exactly the same:
hannu=# select * from userinfo('postgres');
 username | user_id | is_superuser
----------+---------+--------------
 postgres |      10 | t
(1 row)
It usually does not make sense to declare a class inside a function just to return a
record value. This possibility is included mostly for cases where you already have a
suitable class with a set of attributes matching the ones the function returns.
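The two safeguards named in the tip above, prepare() followed by execute() with arguments and plpy.quote_literal(), are shown here as an added example that is not code from the original text. The function names userinfo_safe and userinfo_quoted, the lookup against the pg_user view, and the plpython3u language name are assumptions made for this illustration.

```sql
-- Added example. Assumed: the lookup reads the pg_user system view.
-- Variant 1: prepared plan. The username travels as a bound parameter ($1),
-- so it never becomes part of the SQL text.
CREATE OR REPLACE FUNCTION userinfo_safe(
    INOUT username name,
    OUT user_id oid,
    OUT is_superuser boolean)
AS $$
    plan = SD.get('userinfo_plan')      # SD caches the plan for this session
    if plan is None:
        plan = plpy.prepare(
            "SELECT usename, usesysid, usesuper FROM pg_user WHERE usename = $1",
            ["name"])
        SD['userinfo_plan'] = plan
    rows = plpy.execute(plan, [username])
    if len(rows) == 0:
        return None                     # unknown user: a NULL record
    u = rows[0]
    return {'username': u['usename'],
            'user_id': u['usesysid'],
            'is_superuser': u['usesuper']}
$$ LANGUAGE plpython3u;

-- Variant 2: the query is still assembled as a string, but the value is
-- passed through plpy.quote_literal(), which wraps it in quotes and escapes
-- any quotes it contains.
CREATE OR REPLACE FUNCTION userinfo_quoted(
    INOUT username name,
    OUT user_id oid,
    OUT is_superuser boolean)
AS $$
    query = ("SELECT usename, usesysid, usesuper FROM pg_user "
             "WHERE usename = " + plpy.quote_literal(username))
    rows = plpy.execute(query)
    if len(rows) == 0:
        return None
    u = rows[0]
    return {'username': u['usename'],
            'user_id': u['usesysid'],
            'is_superuser': u['usesuper']}
$$ LANGUAGE plpython3u;

-- Check with a constructed name containing a quote character: both variants
-- treat it as plain data and simply find no matching user.
SELECT * FROM userinfo_safe('o''brien');
SELECT * FROM userinfo_quoted('o''brien');
```

Prefer the prepared-plan variant where possible; quote_literal() is the fallback for queries that have to be built as strings.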
Table functions
When returning a set from a PL/Python function, you have three options:
• Return a list or any other sequence of return type
• Return an iterator or generator
• yield the return values from a loop
Here, we have three ways to generate all even numbers up to the argument value
using these different styles.
First, returning a list of integers: