Catalog of PostgreSQL queries for finding information about a PostgreSQL database and its design problems

There are 996 queries.

| Seq nr | Name | Goal | Type | Data source | Last update | License |
|---|---|---|---|---|---|---|
| 561 | User-defined routines that use dynamic SQL to execute data manipulation statements | Find user-defined routines that use dynamic SQL to execute data manipulation statements (SELECT, INSERT, UPDATE, DELETE). | Problem detection | INFORMATION_SCHEMA+system catalog base tables | 2021-11-04 12:39 | MIT License |
| 562 | Routines that can be invoked with a variable number of arguments | Find routines with a VARIADIC parameter. These routines take an undefined number of arguments as input; the variable-count arguments are all of the same type and are the last input arguments. | General | INFORMATION_SCHEMA+system catalog base tables | 2021-11-04 12:37 | MIT License |
| 563 | SECURITY DEFINER procedures cannot end transactions | You cannot use COMMIT and ROLLBACK in a SECURITY DEFINER procedure. Procedures appeared in PostgreSQL 11. | Problem detection | INFORMATION_SCHEMA+system catalog base tables | 2021-11-04 12:12 | MIT License |
| 564 | Multiple selects from the same table in a routine | Code should be as compact as possible, and the system should do as little work as necessary to solve a task. Thus, instead of selecting different fields of the same row with different SELECT INTO statements, one should try to do it with one statement. | Problem detection | INFORMATION_SCHEMA+system catalog base tables | 2021-11-04 12:10 | MIT License |
| 565 | Explicit locking is probably not needed | You do not need explicit locking (LOCK TABLE or SELECT … FOR UPDATE) in routines that only search for data, do not modify any data, and do not raise any exception. | Problem detection | INFORMATION_SCHEMA+system catalog base tables | 2021-11-04 12:08 | MIT License |
| 566 | No point to have in a procedure COMMIT without ROLLBACK or vice versa | If you end a transaction in a procedure, then it should be possible to either commit or roll back the transaction based on some condition. Procedures appeared in PostgreSQL 11. | Problem detection | INFORMATION_SCHEMA+system catalog base tables | 2021-11-04 12:00 | MIT License |
| 567 | User-defined routines with dynamic SQL that are potential targets of the SQL injection attack | Find routines that have at least one input parameter and use dynamic SQL but do not escape the input arguments at all. | Problem detection | INFORMATION_SCHEMA+system catalog base tables | 2021-11-04 11:58 | MIT License |
| 568 | The use of xmin hidden column in views and routines | Find the number of views and materialized views that have a column with the xid type and the number of routines that contain an UPDATE or a DELETE statement whose search condition refers to the xmin column. If one uses the optimistic approach for dealing with concurrent modifications of data, then xmin values should be presented by views and used in routines that modify or delete rows. | Software measure | INFORMATION_SCHEMA+system catalog base tables | 2021-11-04 11:56 | MIT License |
| 569 | PL/pgSQL routines that use a cursor | Working with sets of rows rather than processing each row separately is more effective. | General | INFORMATION_SCHEMA+system catalog base tables | 2021-11-04 11:54 | MIT License |
| 570 | Using conditionals to determine the returned value | Use the SQL language instead of PL/pgSQL where possible. Instead of using an IF statement, you can check whether the data modification succeeded by using the RETURNING clause in the data modification statement. | Problem detection | INFORMATION_SCHEMA+system catalog base tables | 2021-11-04 11:52 | MIT License |
| 571 | Procedures cannot have START TRANSACTION and SAVEPOINT | You cannot use a START TRANSACTION or a SAVEPOINT statement in a procedure. Procedures appeared in PostgreSQL 11. | Problem detection | INFORMATION_SCHEMA+system catalog base tables | 2021-11-04 11:50 | MIT License |
| 572 | The reference to a database operation is missing from a comment | Find user-defined routines whose comment does not contain a reference to the database operation that the routine implements. For routines that have been created based on the contracts of database operations, one should refer to the short identifier of the operation in the comment of the routine. The operation identifier must be in this case in the form OP, but other forms could be used as well. | Problem detection | INFORMATION_SCHEMA+system catalog base tables | 2021-11-04 11:39 | MIT License |
| 573 | User-defined routines that use xmin hidden column | Find routines that contain an UPDATE or a DELETE statement whose search condition refers to the xmin column. If one uses the optimistic approach for dealing with concurrent modifications of data, then xmin values should be presented by views and used in routines that modify or delete rows. | General | INFORMATION_SCHEMA+system catalog base tables | 2021-11-04 11:30 | MIT License |
| 574 | There is no reason to use PL/pgSQL to write table functions | Using PL/pgSQL may cause context switching between declarative SQL and procedural PL/pgSQL. Thus, use PL/pgSQL only if you truly need some of its constructs. You can create table functions by using SQL. | Problem detection | INFORMATION_SCHEMA+system catalog base tables | 2021-11-04 11:28 | MIT License |
| 575 | FOR UPDATE is not allowed with aggregate functions | Implement explicit locking correctly. Instead of writing, for instance, SELECT Count(*) AS cnt FROM person WHERE person_id=1 FOR UPDATE; one has to write SELECT person_id FROM person WHERE person_id=1 FOR UPDATE; | Problem detection | INFORMATION_SCHEMA+system catalog base tables | 2021-11-04 11:23 | MIT License |
| 576 | User-defined routines with dynamic SQL | Find routines that use dynamic SQL. Make sure that dynamic SQL is indeed needed, i.e., the task cannot be solved with static SQL. Make sure that the routine is protected against SQL injection attacks. | General | INFORMATION_SCHEMA+system catalog base tables | 2021-11-04 11:09 | MIT License |
| 577 | Functions that have transactional control | Find functions that contain transactional control statements (BEGIN, START TRANSACTION, COMMIT, ROLLBACK, SAVEPOINT) in their body. PostgreSQL does not permit transaction control in functions. | Problem detection | INFORMATION_SCHEMA+system catalog base tables | 2021-11-04 10:50 | MIT License |
| 578 | SECURITY INVOKER routines that access data | Find SECURITY INVOKER routines that read rows from a table, add rows to a table, update rows in a table, or delete rows from a table. It is better to use SECURITY DEFINER routines for these purposes, which make it possible to give users privileges to only execute routines without having rights to access the underlying tables. | Problem detection | INFORMATION_SCHEMA+system catalog base tables | 2021-11-04 10:44 | MIT License |
| 579 | A non-parameterized table function instead of a view | Find table functions that do not have any parameters. Prefer simpler and more portable solutions. | Problem detection | INFORMATION_SCHEMA+system catalog base tables | 2021-11-03 21:16 | MIT License |
| 580 | search_path should not be between quotation marks | Write SECURITY DEFINER functions securely. Give the DBMS correct information about the sequence of schemas that constitute the search path. You shouldn't write the search path value between quotation marks or apostrophes. Thus, instead of writing SET search_path = "public, pg_temp"; or SET search_path = 'public, pg_temp'; you should write SET search_path = public, pg_temp; | Problem detection | INFORMATION_SCHEMA+system catalog base tables | 2021-11-03 21:10 | MIT License |