0
0
PostgreSQLquery~20 mins

Dynamic SQL with EXECUTE in PostgreSQL - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Dynamic SQL Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
query_result
intermediate
2:00remaining
Output of Dynamic SQL with EXECUTE in a Function

Consider the following PostgreSQL function that uses dynamic SQL with EXECUTE to select data from a table:

CREATE OR REPLACE FUNCTION get_table_count(tablename text) RETURNS integer AS $$
DECLARE
  result integer;
BEGIN
  EXECUTE 'SELECT count(*) FROM ' || quote_ident(tablename) INTO result;
  RETURN result;
END;
$$ LANGUAGE plpgsql;

Assuming there is a table named employees with 5 rows, what will be the output of SELECT get_table_count('employees');?

A5
Bcount(*)
Ctablename
DError: relation "employees" does not exist
Attempts:
2 left
💡 Hint

Think about how EXECUTE runs the SQL string and stores the result into the variable.

📝 Syntax
intermediate
2:00remaining
Identify the Syntax Error in Dynamic SQL EXECUTE

Which of the following dynamic SQL statements in a PL/pgSQL block will cause a syntax error when using EXECUTE?

DECLARE
  sql_text text;
BEGIN
  sql_text := 'SELECT * FROM ' || tablename;
  EXECUTE sql_text;
END;
AEXECUTE 'SELECT * FROM ' + tablename;
BEXECUTE 'SELECT * FROM ' || tablename;
CEXECUTE format('SELECT * FROM %I', tablename);
DEXECUTE 'SELECT * FROM ' || quote_ident(tablename);
Attempts:
2 left
💡 Hint

Remember how string concatenation works in PostgreSQL.

optimization
advanced
2:00remaining
Optimizing Dynamic SQL with EXECUTE for Repeated Queries

You have a PL/pgSQL function that runs dynamic SQL with EXECUTE multiple times for the same table name. Which approach improves performance by avoiding repeated parsing?

AUse <code>EXECUTE</code> with a dynamically built SQL string every time inside the loop.
BUse <code>EXECUTE</code> with concatenated strings without quoting identifiers.
CUse static SQL queries instead of dynamic SQL.
DUse <code>PREPARE</code> once with the dynamic SQL, then <code>EXECUTE</code> the prepared statement multiple times.
Attempts:
2 left
💡 Hint

Think about how PostgreSQL handles query planning and execution.

🔧 Debug
advanced
2:00remaining
Debugging an EXECUTE Statement with Variable Substitution

Given the following PL/pgSQL code snippet, what is the cause of the error?

DECLARE
  tablename text := 'users';
  result integer;
BEGIN
  EXECUTE 'SELECT count(*) FROM tablename' INTO result;
  RETURN result;
END;
AThe <code>INTO</code> clause is not allowed with <code>EXECUTE</code>.
BThe variable <code>result</code> is not declared properly.
CThe variable <code>tablename</code> is not substituted inside the string, so the query looks for a table literally named 'tablename'.
DThe <code>EXECUTE</code> statement requires double quotes around the table name.
Attempts:
2 left
💡 Hint

Check how variables are included in dynamic SQL strings.

🧠 Conceptual
expert
2:00remaining
Understanding Security Risks of Dynamic SQL with EXECUTE

Which of the following statements best explains a security risk when using dynamic SQL with EXECUTE in PostgreSQL?

ADynamic SQL always runs slower than static SQL, so it is a security risk.
BDynamic SQL with EXECUTE can lead to SQL injection if user input is concatenated directly without proper quoting or validation.
CEXECUTE statements cannot be logged, so auditing is impossible.
DDynamic SQL disables all permission checks on tables.
Attempts:
2 left
💡 Hint

Think about how user input can affect SQL commands.