| From: | Les <nagylzs(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-interfaces(at)lists(dot)postgresql(dot)org |
| Subject: | Re: psycopg3 - parameters cannot be used for DDL commands? |
| Date: | 2022-01-05 17:19:12 |
| Message-ID: | CAKXe9UApjJiajmbYJxTK8MSyop5r1tvqjbrmHgueZ=MFkd706g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-interfaces |
Ok, thanks!
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> ezt írta (időpont: 2022. jan. 5., Sze, 18:07):
> Les <nagylzs(at)gmail(dot)com> writes:
> > PostgreSQL server log:
>
> > 2022-01-05 17:35:25.831 CET [58] ERROR: syntax error at or near "$1" at
> > character 35
> > 2022-01-05 17:35:25.831 CET [58] STATEMENT: ALTER USER postgres WITH
> > PASSWORD $1
>
> Yeah, as a general rule parameters can only be used in DML commands
> (SELECT/INSERT/UPDATE/DELETE). Utility commands don't support them
> because they don't have expression-evaluation capability.
>
> (Perhaps this will change someday, but don't hold your breath.)
>
> > Passwords can also contain special characters. If I can't use parameters
> to
> > do this, then how should I quote them in a safe way?
>
> Most client libraries should have a function to convert an arbitrary
> string into a safely-quoted SQL literal that you can embed into the
> command. I don't know psycopg3, so I don't know what it has for that.
>
> regards, tom lane
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dmitry Igrishin | 2022-01-05 17:20:36 | Re: psycopg3 - parameters cannot be used for DDL commands? |
| Previous Message | Tom Lane | 2022-01-05 17:07:47 | Re: psycopg3 - parameters cannot be used for DDL commands? |