From: | Daniele Varrazzo <daniele(dot)varrazzo(at)gmail(dot)com> |
---|---|
To: | Vladimir Ryabtsev <greatvovan(at)gmail(dot)com> |
Cc: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>, psycopg(at)postgresql(dot)org |
Subject: | Re: psycopg3 and adaptation choices |
Date: | 2020-11-09 11:32:12 |
Message-ID: | CA+mi_8Z3+tYZMGkV2tE7dk34EuQcryL=UYk8JuW+ka7pOrnZ8g@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | psycopg |
On Mon, 9 Nov 2020 at 02:49, Vladimir Ryabtsev <greatvovan(at)gmail(dot)com> wrote:
>
> A wild idea: support both client-side (like in psycopg2) and server-side binding. Keep old '%s' syntax and provide a separate method for client-side binding (not in 'cur.execute()'). This could alleviate cases like parameters roundtripping and other cases of safe query composition. At the same time use '$N' for true server-side binding.
> Is it an overcomplication or there are valid use-cases of that?
Such a thing exists already: there is a client-side binding library,
which is pretty much a direct porting of the psycopg2.sql module
(https://www.psycopg.org/docs/sql.html) Using that facility, you can
compose argument client-side with `query = sql.SQL("select {},
%s").format("hello")` and pass the above to `cursor.execute(query,
[42]). It uses `{}` and `{name}`-style parameters to bind client-side
so it leaves %s placeholders untouched for execute().
In psycopg3 I've made it slightly easier to use by letting
`SQL.format()` to accept any Python object, and automatically wrapping
it into a `Literal()` object, whereas in psycopg2 `format()` only
accepted "`Composible`" objects, and you should have written the above
as `sql.SQL("select {}, %s").format(Literal("hello"))`.
-- Daniele
From | Date | Subject | |
---|---|---|---|
Next Message | Daniele Varrazzo | 2020-11-09 12:00:55 | Re: psycopg3 and adaptation choices |
Previous Message | Daniele Varrazzo | 2020-11-09 11:22:25 | Re: psycopg3 and adaptation choices |