PostgreSQL Chinese Operation Guide
SPI_execute_with_args
SPI_execute_with_args — execute a command with out-of-line parameters
Synopsis
int SPI_execute_with_args(const char *command,
                          int nargs, Oid *argtypes,
                          Datum *values, const char *nulls,
                          bool read_only, long count)
Description
SPI_execute_with_args executes a command that might include references to externally supplied parameters. The command text refers to a parameter as $n, and the call specifies data types and values for each such symbol. read_only and count have the same interpretation as in SPI_execute.
The main advantage of this routine compared to SPI_execute is that data values can be inserted into the command without tedious quoting/escaping, and thus with much less risk of SQL-injection attacks.
Similar results can be achieved with SPI_prepare followed by SPI_execute_plan; however, when using this function the query plan is always customized to the specific parameter values provided. For one-time query execution, this function should be preferred. If the same command is to be executed with many different parameters, either method might be faster, depending on the cost of re-planning versus the benefit of custom plans.
Arguments
const char * command
    command string

int nargs
    number of input parameters ($1, $2, etc.)

Oid * argtypes
    an array of length nargs, containing the OIDs of the data types of the parameters

Datum * values
    an array of length nargs, containing the actual parameter values

const char * nulls
    an array of length nargs, describing which parameters are null

    If nulls is NULL then SPI_execute_with_args assumes that no parameters are null. Otherwise, each entry of the nulls array should be ' ' if the corresponding parameter value is non-null, or 'n' if the corresponding parameter value is null. (In the latter case, the actual value in the corresponding values entry doesn’t matter.) Note that nulls is not a text string, just an array: it does not need a '\0' terminator.

bool read_only
    true for read-only execution

long count
    maximum number of rows to return, or 0 for no limit
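The separation of command text from data values that the Description credits for the lower SQL-injection risk, together with the nulls array convention, shown as an added example that is not part of the PostgreSQL documentation. The function lookup_accounts, the table accounts and the seen_* recorder are hypothetical; the #else branch holds constructed stand-ins so the block also compiles without the server headers.

```c
#if defined(__has_include) && __has_include("postgres.h")
#include "postgres.h"            /* real build: inside a server extension */
#include "catalog/pg_type.h"     /* TEXTOID, INT4OID */
#include "executor/spi.h"
#include "utils/builtins.h"      /* CStringGetTextDatum */
#else  /* constructed stand-ins, NOT PostgreSQL's own definitions */
#include <stdbool.h>
#include <stdint.h>
typedef uintptr_t Datum;
typedef unsigned int Oid;
enum { INT4OID = 23, TEXTOID = 25, SPI_OK_SELECT = 5 };
#define CStringGetTextDatum(s) ((Datum) (uintptr_t) (s))
#define Int32GetDatum(i)       ((Datum) (i))
static const char *seen_command;   /* recorder for what the caller passed */
static Datum seen_values[2];
static char seen_nulls[2];
static int SPI_execute_with_args(const char *command, int nargs, Oid *argtypes,
                                 Datum *values, const char *nulls,
                                 bool read_only, long count)
{
    (void) argtypes; (void) read_only; (void) count;
    seen_command = command;
    for (int i = 0; i < nargs && i < 2; i++) {
        seen_values[i] = values[i];
        seen_nulls[i] = nulls ? nulls[i] : ' ';
    }
    return SPI_OK_SELECT;
}
#endif

/* Hypothetical lookup on a hypothetical table accounts(owner text, balance int4).
 * Assumes the caller is between SPI_connect() and SPI_finish().
 * min_balance == NULL means "no lower bound" and is sent as SQL NULL. */
static int
lookup_accounts(const char *untrusted_owner, const int *min_balance)
{
    /* Constant command text: caller data is never spliced into it. */
    static const char cmd[] =
        "SELECT owner, balance FROM accounts "
        "WHERE owner = $1 AND ($2 IS NULL OR balance >= $2)";
    Oid   argtypes[2] = { TEXTOID, INT4OID };
    Datum values[2];
    char  nulls[2];   /* ' ' or 'n' per parameter; no '\0' terminator */

    values[0] = CStringGetTextDatum(untrusted_owner);
    nulls[0]  = ' ';
    values[1] = min_balance ? Int32GetDatum(*min_balance) : (Datum) 0;
    nulls[1]  = min_balance ? ' ' : 'n';
    return SPI_execute_with_args(cmd, 2, argtypes, values, nulls, true, 0);
}
```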