From: | Elliot S <yields(dot)falsehood(at)gmail(dot)com> |
---|---|
To: | "P(dot) Christeas" <xrg(at)linux(dot)gr>, psycopg(at)postgresql(dot)org |
Cc: | Daniele Varrazzo <daniele(dot)varrazzo(at)gmail(dot)com> |
Subject: | Re: Sanitize schema name |
Date: | 2015-05-13 14:13:58 |
Message-ID: | 55535C26.6020803@gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | psycopg |
I like this idea and drafted it up.
Looking for comments on this patch:
https://github.com/yieldsfalsehood/psycopg2/commit/f86f773de6ee99e2d7a2807136dcb458d97ba852
In short:
1. identifier quoting may use PQescapeIdentifier if it's available,
otherwise the pure-psyco escaping is done
2. the %t format is now accepted, and its value must be either a
string or bytes (no error handling is done yet if this isn't the case) -
replacement for this calls out to the identifier quoting
On 05/10/2015 05:00 AM, P. Christeas wrote:
> On Thursday 07 of May 2015, Daniele Varrazzo wrote:
>> Looks like there is more and more the need of exposing a function like
>> libpq's PQescapeIdentifier [1]. Too bad psycopg 2.6 has been released
>> so recently, I'm reluctant to add such a function to 2.6.1.
>>
>> Maybe releasing a small Python module exposing just that function,
>> then add the functionality to psycopg 2.7?
> I vote for a pre-release of 2.7, with this feature. Modifying the API, even if
> the new function wouldn't interfere with any existing ones, calls for a
> version bump.
>
> Just another idea, would it make sense to abuse the semantics of string
> formatting[1] and introduce another type, say "%t" [2] for implicit identifier
> escaping?
>
> This would make our queries look like:
> cr.execute("SELECT id FROM %t WHERE name = %s", ('some.tbl', 'spam'))
>
>
>
> [1] https://docs.python.org/2/library/stdtypes.html#string-formatting
> [2] I notice that "t" isn't used for anything else, so far.
>
>
>
From | Date | Subject | |
---|---|---|---|
Next Message | Federico Di Gregorio | 2015-05-20 08:14:57 | Re: Sanitize schema name |
Previous Message | Ludovic Gasc | 2015-05-11 19:37:23 | Re: Sanitize schema name |