| From: | Dorian Hoxha <dorian(dot)hoxha(at)gmail(dot)com> |
|---|---|
| To: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
| Cc: | Ludovic Gasc <gmludo(at)gmail(dot)com>, psycopg(at)postgresql(dot)org |
| Subject: | Re: Sanitize schema name |
| Date: | 2015-05-07 11:35:31 |
| Message-ID: | CANsFX04jC0obuvBoR=0LcUODeZN3DAMoEUK9E7EvBe-82wnGhg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | psycopg |
He wants to dynamically pass the table name:
cursor.execute("SELECT * FROM %s", (table,)) # won't work
On Wed, May 6, 2015 at 11:08 PM, Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
wrote:
> On 05/06/2015 01:56 PM, Ludovic Gasc wrote:
>
>> Hi,
>>
>> I want to sanitize the name of the schema in a SQL query, because the
>> schema name depends on the client.
>>
>
> So you are talking about schema qualifying objects(tables, functions, etc)
> in a query, correct?
>
> Using search_path does not work?
>
>
>> The issue is that I can't sanitize the name via the standard way of
>> psycopg2, because it adds quotes around schema name.
>>
>
> What is the standard way?
> Not sure I understand what quotes have to do with it?
>
>>
>> I imagine it's the same issue with a table name. Do you have a
>> suggestion to bypass that ?
>>
>
> Can you provide an code example of what you are trying to do?
>
>
>
>> For now, the most secure way I've found is to test the presence of the
>> schema before launch each query, but not really efficient.
>>
>> Regards.
>> --
>> Ludovic Gasc (GMLudo)
>> http://www.gmludo.eu/
>>
>
>
> --
> Adrian Klaver
> adrian(dot)klaver(at)aklaver(dot)com
>
>
> --
> Sent via psycopg mailing list (psycopg(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/psycopg
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniele Varrazzo | 2015-05-07 12:01:48 | Re: Sanitize schema name |
| Previous Message | Adrian Klaver | 2015-05-06 21:08:48 | Re: Sanitize schema name |