| From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
|---|---|
| To: | Daniele Varrazzo <daniele(dot)varrazzo(at)gmail(dot)com> |
| Cc: | Jim Nasby <Jim(dot)Nasby(at)bluetreble(dot)com>, "psycopg(at)postgresql(dot)org" <psycopg(at)postgresql(dot)org> |
| Subject: | Re: Solving the SQL composition problem |
| Date: | 2017-01-05 21:22:40 |
| Message-ID: | 7123e127-6690-22ca-f268-8d9c41a794dc@aklaver.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | psycopg |
On 01/05/2017 11:26 AM, Daniele Varrazzo wrote:
> On Thu, Jan 5, 2017 at 6:59 PM, Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> wrote:
>
>> Not sure it applies here, but I just ran across a blog from Armin Ronacher.
>> I don't always understand what he says, in this case I think I do and it
>> might be worth a look:
>>
>> http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
>
> It's a reasonable concern, but no, it doesn't apply to us. From the
> Python library I'm only using the parser to parse the format
> micro-language, but not doing anything special with the field name, in
> particular not applying attribute lookup: trying `{0.__class__}`
> wouldn't try to extract the `__class__` attribute from the first
> positional argument, but would look up for a keyword argument with
> such name and fail with a KeyError. Also, we check and explicitly
> forbid placeholder modifier.
>
> https://github.com/psycopg/psycopg2/blob/a8a3a298/lib/sql.py#L227
Alright, good to know.
>
> -- Daniele
>
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2017-01-05 21:23:09 | Re: speed concerns with executemany() |
| Previous Message | Daniele Varrazzo | 2017-01-05 19:26:35 | Re: Solving the SQL composition problem |