From: | Victor Hooi <victorhooi(at)yahoo(dot)com> |
---|---|
To: | psycopg(at)postgresql(dot)org |
Subject: | Parametised query wraps everything in single quotes? |
Date: | 2013-11-11 07:36:04 |
Message-ID: | CAMnnoUL2Kx7RWqjPYAeKu=-MVNvLnR-G_WYCj8+MNopXzNN0AA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | psycopg |
Hi,
I'm attempting to pass parameters through to a COPY statement that's
running against Amazon Redshift.
The statement looks a bit like this:
COPY my_table (
my_field_1,
my_field_2,
my_field_3
)
FROM 's3://my_bucket/my_filename'
CREDENTIALS 'aws_access_key=my_key;aws_secret_key=my_secret_key'
...
where I'm passing through values to my_bucket, my_filename etc.
Originally, I tried using Psycopg2's parametised queries, however, this
seemed to wrap all the values in single quotes, so the final result was
something like:
FROM 's3://'my_bucket'/'my_filename''
which obviously doesn't work since the bucket name doesn't have quotes in
it.
From reading this:
I get the impression that this is a known limitation of Psycopg2, and there
isn't any other way around it.
So I'm using Python's .format() operator to insert the values into the SQL
statement now.
However, I'm wondering if there is another way around this since then,
where you can still pass values through to the SQL statement, but I'm not
exposed to SQL injection attacks?
Cheers,
Victor
From | Date | Subject | |
---|---|---|---|
Next Message | David Niergarth | 2013-11-11 14:29:36 | Re: Parametised query wraps everything in single quotes? |
Previous Message | Daniele Varrazzo | 2013-11-08 10:44:39 | Re: Passing Parameters to copy_expert()? |