| From: | Daniele Varrazzo <daniele(dot)varrazzo(at)gmail(dot)com> |
|---|---|
| To: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
| Cc: | Jim Nasby <Jim(dot)Nasby(at)bluetreble(dot)com>, "psycopg(at)postgresql(dot)org" <psycopg(at)postgresql(dot)org> |
| Subject: | Re: Solving the SQL composition problem |
| Date: | 2017-01-05 19:26:35 |
| Message-ID: | CA+mi_8ars3MHkKo_=aMQ-eU2g3cMd3adP9NdpSYqpz+pCmpb5g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | psycopg |
On Thu, Jan 5, 2017 at 6:59 PM, Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> wrote:
> Not sure it applies here, but I just ran across a blog from Armin Ronacher.
> I don't always understand what he says, in this case I think I do and it
> might be worth a look:
>
> http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
It's a reasonable concern, but no, it doesn't apply to us. From the
Python library I'm only using the parser to parse the format
micro-language, but not doing anything special with the field name, in
particular not applying attribute lookup: trying `{0.__class__}`
wouldn't try to extract the `__class__` attribute from the first
positional argument, but would look up for a keyword argument with
such name and fail with a KeyError. Also, we check and explicitly
forbid placeholder modifier.
https://github.com/psycopg/psycopg2/blob/a8a3a298/lib/sql.py#L227
-- Daniele
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2017-01-05 21:22:40 | Re: Solving the SQL composition problem |
| Previous Message | Daniele Varrazzo | 2017-01-05 19:00:28 | Re: speed concerns with executemany() |