Postgres 12

By using db<>fiddle, you agree to license everything you submit by Creative Commons CC0.

Help with an interesting Postgres question: Why isn't an Index Only Scan used on a partition accessed via the parent table?.

CREATE TABLE foo (id serial, data text);
INSERT INTO foo (data) VALUES ('Important data');

CREATE TABLE

INSERT 0 1

CREATE FUNCTION unsafe_add_table(text)
  RETURNS void AS
$func$
BEGIN
   EXECUTE 'CREATE TABLE ' || $1 || '(item_1 int, item_2 int)';
END
$func$  LANGUAGE plpgsql;

CREATE FUNCTION

TABLE foo;

id
data

1
Important data

SELECT 1

-- malicious call with SQL injection
SELECT unsafe_add_table('bar(id int); DELETE FROM foo; --');

unsafe_add_table

SELECT 1

-- all rows in table foo have been deleted!
TABLE foo;

id
data

SELECT 0