Re: Sanitize schema name
From | Elliot S |
---|---|
Subject | Re: Sanitize schema name |
Date | |
Msg-id | 5565F1AA.7070703@gmail.com |
In reply to | Re: Sanitize schema name (Federico Di Gregorio <fog@dndg.it>) |
Replies | Re: Sanitize schema name (Daniele Varrazzo <daniele.varrazzo@gmail.com>) |
List | psycopg |
>>>> In short:
>>>> 1. identifier quoting may use PQescapeIdentifier if it's
>>>> available,
>>>> otherwise the pure-psyco escaping is done
>>
>> No: only the libpq version should be used. The psycopg one is not
>> generic enough and only for internal use. The function is exposed in
>> all the currently supported libpq versions so we don't really care
>> about the older ones.
>
> Agreed.

I've removed the call out to the psycopg quoting.

>>>> 2. the %t format is now accepted, and its value must be either a
>>>> string or bytes (no error handling is done yet if this isn't the
>>>> case) -
>>>> replacement for this calls out to the identifier quoting
>>
>> I don't like this idea: %t is nowhere standard. Psycopg has already
>> powerful enough types-based adaptation: using it with identifiers has
>> always been rejected because moving to libpq parameters would break.
>> But the %t would break too so I don't see why to jump on this idea.
>> Furthermore using a different parameter goes sideways to the entire
>> type system: what if one passes a number to a %t? Looking at the patch
>> it seems like it silently discards the value. That's a no for me.
>>
>> IMO we should just do:
>>
>> 1) expose the PQescape* libpq functions as pure bytes-bytes functions
>> for people to use them as they wish. Under a good moon we should
>> roundtrip unicode around. You know, python 3...
>> 2) have a wrapper identifier object, whose adaptation result in
>> identifier escaping. With current psycopg it could be used with:
>>
>> cur.execute("update table set %s = %s", (ident(field), value))
>
> No no no. Bound variables should be easily identifiable and should not
> be mixed with identifiers. If you don't like %t, that's OK but having
> an ident behave like a bound variable isn't good either. I'd say lets
> just stick to expose quoting functions in psycopg.extensions or as
> extra methods on the connection object.

%t formatting is also removed.

>> if we want this to be used in the future:
>>
>> sql = "update table set %s = %%s" % ident(field) # [note]
>> cur.execute(sql, (value,))
>>
>> [note]: this is a lie because the libpq functions take a connection as
>> parameter too so we cannot just compose using the string % operator.
>> We can have a cursor method doing that instead, or having "ident"
>> being a cursor method.
>
> If it requires a connection, lets stick it to the connection object.
>
> federico
>

I've added a quote_ident() to the connection object.

I'm still working on my quote_ident branch
https://github.com/psycopg/psycopg2/compare/master...yieldsfalsehood:quote_ident

Return values are just bytestrings right now. bytestring input isn't
accepted on python3.4 (only py3 I tested); unicode and bytestring inputs
look ok for python2.7.

The other PQescape* functions were mentioned earlier but I haven't
touched them, yet.
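
The separation argued for in the quoted replies above (identifiers quoted into the statement text, values left as bound parameters), as an added example that is not part of the original message or of the quote_ident branch. `quote_ident_sketch` and `build_update` are hypothetical names, and the quoting is a pure-Python stand-in for the rule libpq's PQescapeIdentifier applies, assuming UTF-8 input.

```python
# Added illustration, not psycopg code. Hypothetical helper names.

def quote_ident_sketch(name):
    """Return name as a double-quoted SQL identifier.

    Reproduces the quoting rule only: wrap in double quotes and double
    every embedded double quote. The libpq function also checks the bytes
    against the connection's client encoding, which is why it takes a
    connection; that check is not reproduced here.
    """
    if isinstance(name, bytes):
        name = name.decode("utf-8")  # assumption: UTF-8 client encoding
    if not isinstance(name, str):
        # The objection raised against %t: a number passed as an
        # identifier must fail loudly, not be silently discarded.
        raise TypeError(
            "identifier must be str or bytes, got %s" % type(name).__name__)
    if "\x00" in name:
        # Choice made for this sketch: refuse NUL instead of truncating.
        raise ValueError("identifier contains a NUL character")
    return '"' + name.replace('"', '""') + '"'


def build_update(table, column):
    """Compose identifiers into the SQL text. Values stay as %s
    placeholders, to be passed separately to cursor.execute()."""
    return "update %s set %s = %%s where id = %%s" % (
        quote_ident_sketch(table), quote_ident_sketch(column))


# Constructed sample column names, including one carrying a quote and
# statement text that must end up inside a single quoted identifier.
SAMPLES = ["price", "Mixed Case", 'a"b', 'x" = 1; --']

if __name__ == "__main__":
    for column in SAMPLES:
        print(build_update("items", column))
    # With a live connection the value would then be bound as usual:
    #   cur.execute(build_update("items", "price"), (9.99, 42))
```
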