| From: | "P(dot) Christeas" <xrg(at)linux(dot)gr> |
|---|---|
| To: | psycopg(at)postgresql(dot)org |
| Cc: | Daniele Varrazzo <daniele(dot)varrazzo(at)gmail(dot)com> |
| Subject: | Re: Sanitize schema name |
| Date: | 2015-05-10 09:00:43 |
| Message-ID: | 2970827.NoBbUpxZr6@xorhgos3.pefnos |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | psycopg |
On Thursday 07 of May 2015, Daniele Varrazzo wrote:
> Looks like there is more and more the need of exposing a function like
> libpq's PQescapeIdentifier [1]. Too bad psycopg 2.6 has been released
> so recently, I'm reluctant to add such a function to 2.6.1.
>
> Maybe releasing a small Python module exposing just that function,
> then add the functionality to psycopg 2.7?
I vote for a pre-release of 2.7, with this feature. Modifying the API, even if
the new function wouldn't interfere with any existing ones, calls for a
version bump.
Just another idea, would it make sense to abuse the semantics of string
formatting[1] and introduce another type, say "%t" [2] for implicit identifier
escaping?
This would make our queries look like:
cr.execute("SELECT id FROM %t WHERE name = %s", ('some.tbl', 'spam'))
[1] https://docs.python.org/2/library/stdtypes.html#string-formatting
[2] I notice that "t" isn't used for anything else, so far.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ludovic Gasc | 2015-05-10 12:07:59 | Re: Sanitize schema name |
| Previous Message | Ludovic Gasc | 2015-05-10 06:55:08 | Re: Sanitize schema name |