From: | Daniele Varrazzo <daniele(dot)varrazzo(at)gmail(dot)com> |
---|---|
To: | Federico Di Gregorio <fog(at)dndg(dot)it> |
Cc: | "W(dot) Matthew Wilson" <matt(at)tplus1(dot)com>, "psycopg(at)postgresql(dot)org" <psycopg(at)postgresql(dot)org> |
Subject: | Re: Is passing a list as a bound variable safe from SQL injection? |
Date: | 2013-10-03 13:07:25 |
Message-ID: | CA+mi_8Zh4f=4mn_UNpuUCmuBi71j1LMCek0DM==3twBYSSc+bA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | psycopg |
On Thu, Oct 3, 2013 at 8:53 AM, Federico Di Gregorio <fog(at)dndg(dot)it> wrote:
> On 02/10/2013 18:31, W. Matthew Wilson wrote:
> [snip]
>> This is the approach (and it does involve very long lists):
>>
>> http://www.datadoghq.com/2013/08/100x-faster-postgres-performance-by-changing-1-line/
>>
>> Instead of writing = any(array[1,2,3,4]), they wrote = any(values (1),
>> (2), (3), (4), )
>>
>> and somehow that works more quickly.
>
> Hi Matthew,
>
> you can override the list adapter and have it generate the "values"
> expression instead of an array. See this example:
>
> http://www.psycopg.org/psycopg/docs/advanced.html?highlight=adapt#adapting-new-python-types-to-sql-syntax
Interesting indeed. Too bad in the article there is no reference to
the discussion in -performance about the issue (or is there and I
haven't seen it?).
Here is an adapter that can be used to wrap a sequence and pass it to VALUES:
https://gist.github.com/dvarrazzo/6809387
Unfortunately it seems there is no way to create the gist under the
psycopg organization on github.
-- Daniele
From | Date | Subject | |
---|---|---|---|
Next Message | Daniele Varrazzo | 2013-10-03 13:21:02 | Re: Is passing a list as a bound variable safe from SQL injection? |
Previous Message | Federico Di Gregorio | 2013-10-03 07:53:45 | Re: Is passing a list as a bound variable safe from SQL injection? |