0
0
PostgreSQLquery~20 mins

Format function for safe formatting in PostgreSQL - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Format Function Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
query_result
intermediate
1:30remaining
What is the output of this PostgreSQL format function?
Consider the following SQL query using the format function:

SELECT format('Hello, %s! Today is %s.', 'Alice', 'Monday');

What is the output of this query?
PostgreSQL
SELECT format('Hello, %s! Today is %s.', 'Alice', 'Monday');
AError: format function requires numeric arguments
BHello, %s! Today is %s.
CHello, Alice! Today is %s.
DHello, Alice! Today is Monday.
Attempts:
2 left
💡 Hint
The format function replaces placeholders like %s with the provided arguments in order.
query_result
intermediate
1:30remaining
What does this format call return with integer and string?
Given this SQL statement:

SELECT format('ID: %s, Name: %s', 123, 'Bob');

What is the output?
PostgreSQL
SELECT format('ID: %s, Name: %s', 123, 'Bob');
AID: 123, Name: Bob
BID: 123, Name: %s
CID: %s, Name: %s
DError: cannot mix integer and string in format
Attempts:
2 left
💡 Hint
The %s placeholder can accept any data type and converts it to text.
📝 Syntax
advanced
1:30remaining
Which option causes a syntax error in this format usage?
Identify which SQL statement will cause a syntax error when using the format function:
ASELECT format('Value: %s', );
BSELECT format('Value: %d', 42);
CSELECT format('Value: %s', 'text');
DSELECT format('Value: %s', 42);
Attempts:
2 left
💡 Hint
Check if all placeholders have matching arguments.
optimization
advanced
2:00remaining
Which format usage is safest to avoid SQL injection?
You want to safely insert a user input string into a query using format. Which option correctly uses format to avoid SQL injection?
Aformat('SELECT * FROM users WHERE name = %I', user_input)
Bformat('SELECT * FROM users WHERE name = ''%s''', user_input)
Cformat('SELECT * FROM users WHERE name = %L', user_input)
Dformat('SELECT * FROM users WHERE name = %s', user_input)
Attempts:
2 left
💡 Hint
Use the correct format specifier to safely quote literals.
🧠 Conceptual
expert
2:30remaining
Why use format() with %I instead of string concatenation for identifiers?
In PostgreSQL, when dynamically building SQL queries, why is it better to use format() with the %I specifier for table or column names instead of simple string concatenation?
ABecause %I converts identifiers to lowercase always, ensuring consistency.
BBecause %I automatically quotes identifiers to handle special characters and reserved words safely.
CBecause string concatenation is faster but less readable than format().
DBecause %I escapes string literals to prevent SQL injection.
Attempts:
2 left
💡 Hint
Think about how identifiers with spaces or special characters are handled.