
-- Fixture: a table holding one row that stands in for data worth protecting.
-- It is the target used later to show the impact of the injection.
CREATE TABLE foo (
   id   serial
 , data text
);

INSERT INTO foo (data)
VALUES ('Important data');
1 rows affected


-- Deliberately vulnerable example: creates a two-column table whose name is
-- taken from the single text argument.
--
-- Why it is unsafe: the argument is concatenated into the dynamic statement as
-- raw SQL text, so whatever the caller passes is parsed as SQL rather than
-- treated as an identifier. No SECURITY clause is given, so the function runs
-- with the caller's privileges (SECURITY INVOKER, the default); the same body
-- declared SECURITY DEFINER would run injected text with the owner's rights.
--
-- Safe form: quote the identifier before it reaches EXECUTE, e.g.
--   EXECUTE format('CREATE TABLE %I (item_1 int, item_2 int)', $1);
-- (quote_ident($1) achieves the same for plain concatenation).
CREATE FUNCTION unsafe_add_table(text)
  RETURNS void
  LANGUAGE plpgsql
AS
$func$
BEGIN
   -- $1 is spliced in unquoted and unvalidated: this is the injection point.
   EXECUTE 'CREATE TABLE ' || $1 || '(item_1 int, item_2 int)';
END
$func$;


-- Baseline: contents of foo before the vulnerable function is called.
SELECT id, data
FROM   foo;
id data
1 Important data


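-- malicious call with SQL injection
--
-- The argument is not a table name but SQL text. unsafe_add_table()
-- concatenates it into the EXECUTE string, so the server runs the result as
-- several statements: the CREATE TABLE, then the DELETE. The trailing "--"
-- comments out the column list the function appends itself.
--
-- Defender's note: a legitimate table name never needs ';', parentheses or
-- '--'. Rejecting such input at the caller is defence in depth only; the fix
-- belongs in the function, which must quote the identifier (format() with %I,
-- or quote_ident()) before executing it.
SELECT unsafe_add_table('bar(id int); DELETE FROM foo; --');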
unsafe_add_table


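-- all rows in table foo have been deleted!
-- Verification: the same query as the baseline now returns no rows, which
-- shows the injected DELETE ran alongside the intended CREATE TABLE.
SELECT id, data
FROM   foo;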
id data