From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Les <nagylzs(at)gmail(dot)com> |
Cc: | pgsql-interfaces(at)lists(dot)postgresql(dot)org |
Subject: | Re: psycopg3 - parameters cannot be used for DDL commands? |
Date: | 2022-01-05 17:07:47 |
Message-ID: | 303861.1641402467@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-interfaces |
Les <nagylzs(at)gmail(dot)com> writes:
> PostgreSQL server log:
> 2022-01-05 17:35:25.831 CET [58] ERROR: syntax error at or near "$1" at
> character 35
> 2022-01-05 17:35:25.831 CET [58] STATEMENT: ALTER USER postgres WITH
> PASSWORD $1
Yeah, as a general rule parameters can only be used in DML commands
(SELECT/INSERT/UPDATE/DELETE). Utility commands don't support them
because they don't have expression-evaluation capability.
(Perhaps this will change someday, but don't hold your breath.)
> Passwords can also contain special characters. If I can't use parameters to
> do this, then how should I quote them in a safe way?
Most client libraries should have a function to convert an arbitrary
string into a safely-quoted SQL literal that you can embed into the
command. I don't know psycopg3, so I don't know what it has for that.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Les | 2022-01-05 17:19:12 | Re: psycopg3 - parameters cannot be used for DDL commands? |
Previous Message | Les | 2022-01-05 16:42:31 | psycopg3 - parameters cannot be used for DDL commands? |