Using standard SQL placeholders in PG

From: "Lembark, Steven" <Steven(dot)Lembark(at)broadridge(dot)com>
To: "psycopg(at)postgresql(dot)org" <psycopg(at)postgresql(dot)org>
Cc: "Loga, Dharani" <Dharani(dot)Loga(at)broadridge(dot)com>
Subject: Using standard SQL placeholders in PG
Date: 2021-10-13 13:11:14
Message-ID: BN0PR20MB391249E4640F43A8A14B84A4FDB79@BN0PR20MB3912.namprd20.prod.outlook.com
Lists: psycopg

PostgreSQL ("PG") supports the notion of placeholders, as do many other relational databases. The placeholder notation in PG uses $X within the SQL. For example:

select foo
from bar
where bletch = $1

is valid SQL. The dollar-notation allows re-use of positional parameters and avoids SQL injection entirely by placing the input in appropriately-typed buffers w/in the SQL statement handler. It also avoids issues with double-interpolating quotes as the placeholders are not literals and do not require SQL-quoting to be interpolated properly.

We have quite a bit of SQL here that has to be shared between Python and other packages, so using standard PG SQL statements is required.

Q: Is there any way to prepare and execute standard PG SQL statements with dollar placeholders in Psycopg2?

Thanks

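An added example, not part of the original message or of the psycopg project: psycopg2's `execute()` takes `%s` / `%(name)s` markers rather than `$N`, so one way to keep shared `$N` SQL is to translate it just before execution. The function name `to_pyformat` and the `pN` parameter names are hypothetical; the tokenizer assumes `standard_conforming_strings` is on and block comments are not nested.

```python
import re

# Constructed tokenizer. Everything in the "skip" branch is copied through
# unchanged (apart from % doubling); only the last branch is a bind marker.
_TOKEN = re.compile(r"""
    (?P<skip>
        '(?:[^']|'')*'                      # string literal
      | "(?:[^"]|"")*"                      # quoted identifier
      | --[^\n]*                            # line comment
      | /\*.*?\*/                           # block comment
      | (?<![\w$])\$(?P<tag>(?:[A-Za-z_]\w*)?)\$.*?\$(?P=tag)\$   # $tag$...$tag$
    )
  | (?<![\w$])\$(?P<num>[1-9]\d*)           # $N, but not the tail of foo$1
""", re.X | re.S)

def to_pyformat(sql, args):
    """Rewrite $N to %(pN)s; returns (query, params) for cursor.execute()."""
    out, pos = [], 0
    for m in _TOKEN.finditer(sql):
        # psycopg2 scans the whole string for % markers, so every literal %
        # (even inside quotes) has to be doubled once parameters are passed.
        out.append(sql[pos:m.start()].replace("%", "%%"))
        if m.group("num"):
            n = int(m.group("num"))
            if n > len(args):
                raise ValueError(f"${n} has no matching argument")
            out.append(f"%(p{n})s")  # a repeated $N maps to the same name
        else:
            out.append(m.group(0).replace("%", "%%"))
        pos = m.end()
    out.append(sql[pos:].replace("%", "%%"))
    return "".join(out), {f"p{i}": v for i, v in enumerate(args, 1)}

# Constructed sample, built on the query shown in the message.
SAMPLE = ("select foo from bar where bletch = $1 "
          "or note like '50% $1' or alt = $1 -- $2 unused")

if __name__ == "__main__":
    query, params = to_pyformat(SAMPLE, ["x"])
    print(query)
    print(params)
```

The returned pair is passed as `cursor.execute(query, params)`; values are still supplied separately from the SQL text and never concatenated into it by the caller.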
