On 05/06/2015 01:56 PM, Ludovic Gasc wrote: Hi, I want to sanitize the name of the schema in a SQL query, because the schema name depends on the client. So you are talking about schema qualifying objects(tables, functions, etc) in a query, correct? Using search_path does not work? The issue is that I can't sanitize the name via the standard way of psycopg2, because it adds quotes around schema name. What is the standard way? Not sure I understand what quotes have to do with it? I imagine it's the same issue with a table name. Do you have a suggestion to bypass that ? Can you provide an code example of what you are trying to do? For now, the most secure way I've found is to test the presence of the schema before launch each query, but not really efficient. Regards. -- Ludovic Gasc (GMLudo)http://www.gmludo.eu/ -- Adrian Klaveradrian.klaver@aklaver.com -- Sent via psycopg mailing list (psycopg@postgresql.org) To make changes to your subscription:http://www.postgresql.org/mailpref/psycopg
Hi, I want to sanitize the name of the schema in a SQL query, because the schema name depends on the client.
The issue is that I can't sanitize the name via the standard way of psycopg2, because it adds quotes around schema name.
I imagine it's the same issue with a table name. Do you have a suggestion to bypass that ?
For now, the most secure way I've found is to test the presence of the schema before launch each query, but not really efficient. Regards. -- Ludovic Gasc (GMLudo)http://www.gmludo.eu/
psycopg by date:
Соглашаюсь с условиями обработки персональных данных
