Documentation

For loops

The for loop instantiates a template once per item from a collection returned from the database.

Example:

<%
   for r in
   (
      select id, name, some_other_field
      from table_name
      where some_field = some_parameter
      and some_other_field like some_other_parameter
      order by id
   )
   loop
%>
<div class="checkbox">
   <label for="to_do_item_<%= r.id %>">
      <input id="to_do_item_<%= r.id %>"
         type="checkbox" name="to_do_item"> <%= r.name %>
   </label>
</div>
<% end loop; %>

Important! If you come from other stacks/languages, you might be used to constructing an SQL statement first in a string, and then executing the string. Such approach is not safe and may lead to SQL injection.

In Pogostack, SQL execution is native and therefore SQL injection is impossible by design. However, there's a for-in-execute loop that allows you to loop over an SQL statement stored in a string. We strongly discourage using such approach. To avoid SQL injection, use native SQL execution as in the above example.


There are other loop structures that can be used for various other purposes, for example:

<% for i in 1..10 loop %>
   <p><%= i %> squared equals <%= i*i %></p>
<% end loop; %>

For more information on loops and other control structures, check PostgreSQL documentation.