Home > mailing lists

Re: psycopg3 - parameters cannot be used for DDL commands? - Mailing list pgsql-interfaces

From	Tom Lane
Subject	Re: psycopg3 - parameters cannot be used for DDL commands?
Date	January 5, 2022 20:07:47
Msg-id	303861.1641402467@sss.pgh.pa.us Whole thread Raw
In response to	psycopg3 - parameters cannot be used for DDL commands? (Les <nagylzs@gmail.com>)
Responses	Re: psycopg3 - parameters cannot be used for DDL commands? (Les <nagylzs@gmail.com>) Re: psycopg3 - parameters cannot be used for DDL commands? (Dmitry Igrishin <dmitigr@gmail.com>)
List	pgsql-interfaces

Tree view

Les <nagylzs@gmail.com> writes:
> PostgreSQL server log:

> 2022-01-05 17:35:25.831 CET [58] ERROR:  syntax error at or near "$1" at
> character 35
> 2022-01-05 17:35:25.831 CET [58] STATEMENT:  ALTER USER postgres WITH
> PASSWORD $1

Yeah, as a general rule parameters can only be used in DML commands
(SELECT/INSERT/UPDATE/DELETE).  Utility commands don't support them
because they don't have expression-evaluation capability.

(Perhaps this will change someday, but don't hold your breath.)

> Passwords can also contain special characters. If I can't use parameters to
> do this, then how should I quote them in a safe way?

Most client libraries should have a function to convert an arbitrary
string into a safely-quoted SQL literal that you can embed into the
command.  I don't know psycopg3, so I don't know what it has for that.

            regards, tom lane

pgsql-interfaces by date:

From: Les
Date: 05 January 2022, 19:42:31
Subject: psycopg3 - parameters cannot be used for DDL commands?

From: Les
Date: 05 January 2022, 20:19:12
Subject: Re: psycopg3 - parameters cannot be used for DDL commands?

Re: psycopg3 - parameters cannot be used for DDL commands? - Mailing list pgsql-interfaces

Previous

Next