Re: psycopg3 - parameters cannot be used for DDL commands?

Les <nagylzs@gmail.com> writes:
> PostgreSQL server log:

> 2022-01-05 17:35:25.831 CET [58] ERROR:  syntax error at or near "$1" at
> character 35
> 2022-01-05 17:35:25.831 CET [58] STATEMENT:  ALTER USER postgres WITH
> PASSWORD $1

Yeah, as a general rule parameters can only be used in DML commands
(SELECT/INSERT/UPDATE/DELETE).  Utility commands don't support them
because they don't have expression-evaluation capability.

(Perhaps this will change someday, but don't hold your breath.)

> Passwords can also contain special characters. If I can't use parameters to
> do this, then how should I quote them in a safe way?

Most client libraries should have a function to convert an arbitrary
string into a safely-quoted SQL literal that you can embed into the
command.  I don't know psycopg3, so I don't know what it has for that.

                        regards, tom lane