Tom Lane wrote:
> Andrew Dunstan <andrew@dunslane.net> writes:
>
>> I put the attached together a while ago and neglected to send it.
>> Basically it includes the text of the query being explained in the
>> explain output.
>>
>
> I'm pretty certain this will dump core in some contexts --- you should
> not assume that sourceText is always available.
>
Ok, I guess I can insert a check that the sourceText is not null. I
wonder what we are supposed to take an explanation to mean if we can't
say what it is we're explaining.
> Should we be worried about security implications of displaying the query
> text?
>
>
If it is dangerous then surely so is the explanation.
cheers
andrew