Get another function to return timestamp in PostgreSQL

Question

Can I have another function to return the last timestamp. I want to compare with this query to use the best query.

My query:

CREATE OR REPLACE FUNCTION f_last_update1(nomTable text , OUT updated timestamp)
  LANGUAGE plpgsql AS
$func$
BEGIN
   EXECUTE 'SELECT max(updated) FROM ' || nomTable
   INTO updated;   
END
$func$;

Laurenz Albe · Answer 1 · 2021-04-09T10:56:19.210

Your function is insecure and vulnerable to SQL injection:

SELECT f_last_update1('sometable; DROP TABLE sometable; SELECT current_timestamp');

Use

CREATE OR REPLACE FUNCTION f_last_update1(
   IN  nomSchema text,
   IN  nomTable text,
   OUT updated timestamp)
  LANGUAGE plpgsql AS
$func$
BEGIN
   EXECUTE format(
              'SELECT max(updated) FROM %I.%I',
              nomSchema,
              nomTable
           )
      INTO updated;
END
$func$;

Get another function to return timestamp in PostgreSQL

1 Answers1