Re: Protection from SQL injection - Mailing list pgsql-sql

From Joe
Subject Re: Protection from SQL injection
Date
Msg-id 4814A1E6.1070200@freedomcircle.net
In response to Re: Protection from SQL injection  (Ivan Sergio Borgonovo <mail@webthatworks.it>)
Responses Re: Protection from SQL injection  (Ivan Sergio Borgonovo <mail@webthatworks.it>)
List pgsql-sql
Ivan Sergio Borgonovo wrote:
> It'd be nice to have a wrapper that let you write prepared statements
> this way:
>
> "select a.id, b.name from a join b on a.id=b.id where
> a.status=$variable1 and b.id>$variable2 etc... but that's a pretty
> good change to any language parser.

Python already supports something like that. See PEP 249 
(http://www.python.org/dev/peps/pep-0249/), under Module Interface, the 
description of the paramstyle parameter. Psycopg2 supports both the 
"format" (C printf) and "pyformat" styles. See the last section on this 
page for an example using the pyformat style: 
http://www.devx.com/opensource/Article/29071/0/page/3.

Joe
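The DB-API placeholder mechanism Joe points to, shown as an added example that is not part of this thread. It uses Python's bundled sqlite3 module as an offline stand-in for psycopg2 (which needs a running PostgreSQL server): sqlite3 advertises the "qmark" paramstyle and also accepts "named" (`:name`) placeholders, while psycopg2 uses "pyformat" (`%(name)s`), so the same query is written in both spellings and only the sqlite3 one is executed. The tables, rows and hostile input are constructed for the demonstration; the query shape follows Ivan's quoted example.

```python
"""Parameterized queries through the DB-API (PEP 249), sqlite3 standing in
for psycopg2.  The driver binds the values; user input never becomes SQL."""
import sqlite3

# Constructed sample data, not taken from any real system.
ROWS_A = [(1, "active"), (2, "inactive"), (3, "active")]
ROWS_B = [(1, "alice"), (2, "bob"), (3, "carol")]

# Same query in two placeholder spellings.  The "named" form is executed
# below with sqlite3; the "pyformat" form is what psycopg2 would take and is
# shown only for comparison (psycopg2 is assumed not to be installed here).
QUERY_NAMED = (
    "select a.id, b.name from a join b on a.id = b.id "
    "where a.status = :status and b.id > :min_id"
)
QUERY_PYFORMAT = (
    "select a.id, b.name from a join b on a.id = b.id "
    "where a.status = %(status)s and b.id > %(min_id)s"
)


def driver_paramstyle():
    """PEP 249 requires every driver to expose its placeholder style."""
    return sqlite3.paramstyle


def make_db():
    """In-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table a (id integer primary key, status text)")
    conn.execute("create table b (id integer primary key, name text)")
    conn.executemany("insert into a values (?, ?)", ROWS_A)
    conn.executemany("insert into b values (?, ?)", ROWS_B)
    return conn


def lookup_parameterized(conn, status, min_id):
    """Safe: values travel separately from the SQL text and are bound by
    the driver, so quote characters in `status` are just data."""
    cur = conn.execute(QUERY_NAMED, {"status": status, "min_id": min_id})
    return cur.fetchall()


def lookup_interpolated(conn, status, min_id):
    """The 'before' version the thread warns against: the value is pasted
    into the SQL text, so a quote in `status` changes the query's logic."""
    sql = (
        "select a.id, b.name from a join b on a.id = b.id "
        f"where a.status = '{status}' and b.id > {min_id}"
    )
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("paramstyle:", driver_paramstyle())
    print("parameterized:", lookup_parameterized(db, "active", 1))
    hostile = "x' or '1'='1"          # constructed input containing a quote
    print("parameterized, hostile:", lookup_parameterized(db, hostile, 0))
    print("interpolated, hostile:", lookup_interpolated(db, hostile, 0))
```

With ordinary input both functions return the same rows. With an input that contains a quote, the parameterized version returns nothing (no status equals that literal string), while the interpolated version returns every joined row because the quote terminated the string literal and the rest of the input was parsed as SQL. Switching the executed query to psycopg2 only means using `QUERY_PYFORMAT` with the same dictionary of parameters.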

