public inbox for [email protected]
help / color / mirror / Atom feedFrom: Ron Johnson <[email protected]>
To: Pgsql-admin <[email protected]>
Subject: Re: Having trouble passing a shell variable to a query from psql command line
Date: Fri, 29 Aug 2025 17:15:44 -0400
Message-ID: <CANzqJaCuEFz19dTB53iwiW0vDp1yHrkX8P_1bSyKPyoL8vQ+GQ@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <DM8PR09MB6677729E8FC7452DAAD053E5B83AA@DM8PR09MB6677.namprd09.prod.outlook.com>
<CANzqJaBC5rx0fNbmx1bom9ZE3v1UgQxH3uXWOFHCfUb=rkqcEQ@mail.gmail.com>
<[email protected]>
On Fri, Aug 29, 2025 at 3:15 PM Tom Lane <[email protected]> wrote:
> Ron Johnson <[email protected]> writes:
> > Yeah. From the cli KISS and do regular bash variable string expansion.
>
> > psql -d mydb -tAc "SELECT relkind FROM pg_class WHERE relname =
> > ${SHELL_VAR} ;"
>
> This isn't a great recommendation because bash is not aware of
> SQL's quoting rules. It'll work in simple cases, but there's
> a risk of SQL injection if the value of SHELL_VAR comes from
> an untrustworthy source.
Well, yeah, if your shell script interacts with the outside world you've
got to be a bit more robust than if the script only does db maintenance
operations on the db server.
--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: Having trouble passing a shell variable to a query from psql command line
In-Reply-To: <CANzqJaCuEFz19dTB53iwiW0vDp1yHrkX8P_1bSyKPyoL8vQ+GQ@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox