On Fri, Aug 29, 2025 at 3:15 PM Tom Lane <tgl@xxxxxxxxxxxxx> wrote:
Ron Johnson <ronljohnsonjr@xxxxxxxxx> writes:
> Yeah. From the cli KISS and do regular bash variable string expansion.
> psql -d mydb -tAc "SELECT relkind FROM pg_class WHERE relname =
> ${SHELL_VAR} ;"
This isn't a great recommendation because bash is not aware of
SQL's quoting rules. It'll work in simple cases, but there's
a risk of SQL injection if the value of SHELL_VAR comes from
an untrustworthy source.
Well, yeah, if your shell script interacts with the outside world you've got to be a bit more robust than if the script only does db maintenance operations on the db server.
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!
