Re: Sanitizing SQL?: msg#00101

Subject: Re: Sanitizing SQL?
On Thu, Sep 15, 2005 at 07:41:49AM -0500, Michael Hipp wrote:
> >
> >Because log is an identifier, not a text type. So you can write it "log"
> >or log but not 'log'. Bound variables should be used for binding
> >variables not for building generic queries (in psycopg 2 you _can_
> >define an adapter that helps you to build queries but I wouldn't do that
> >anyway.)
> >
> >So the right way is:
> >
> >     curs.execute("LISTEN " + n)
> 
> Ok, so the admonition to always use the tuple syntax isn't quite right. It 
> depends on the specifics of a given sql statement. Which means I must 
> analyze every query and use logic to craft a proper call. Bummer.

No - think of it as an equivalent to prepared statements: one can't have
variable identifiers. In SQL that restriction allows compilation of prepared
statements; in psycopg it's impossible for the driver to deduce
the type from the tuple you provide. String or identifier?
I sure hope you don't plan to have users provide table/view names? This
really needs careful sanity checks (i.e. whitelists: and once you have
these you can dispatch to constant SQL statements).

 HTH Ralf Mattes

> Thanks,
> Michael
> _______________________________________________
> Psycopg mailing list
> Psycopg-IAPFreCvJWPBWskQ1e/+sw@xxxxxxxxxxxxxxxx
> http://lists.initd.org/mailman/listinfo/psycopg
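An added example (not code from the thread or from psycopg) of the whitelist-and-dispatch approach Ralf describes: the request-supplied channel or table name is only ever used as a dictionary key into statements built once from a fixed list, while genuine values still go through the driver's bound parameters. `ALLOWED_CHANNELS`, `ALLOWED_TABLES`, `RecordingCursor` and the helper names are assumptions of this example, and `mimic_bound_string` is a simplified stand-in for how a driver renders a string parameter, included only to show why `"LISTEN %s"` with a tuple cannot work.

```python
# Constructed whitelists: the channel and table names this application uses.
# Anything not listed is rejected before any SQL text is assembled.
ALLOWED_CHANNELS = ("log", "orders", "alerts")
ALLOWED_TABLES = ("orders", "customers")


def quote_ident(name):
    """Double-quote a PostgreSQL identifier (embedded " doubled).
    Only ever applied to names that are already on a whitelist."""
    return '"' + name.replace('"', '""') + '"'


# Constant statements, built once at import time from the whitelists. The
# value coming from the request is used only as a lookup key, so it never
# becomes part of the statement text.
LISTEN_SQL = {c: "LISTEN " + quote_ident(c) for c in ALLOWED_CHANNELS}
SELECT_BY_ID_SQL = {
    t: "SELECT * FROM " + quote_ident(t) + " WHERE id = %s"
    for t in ALLOWED_TABLES
}


def listen_statement(channel):
    """Return the constant LISTEN statement for a whitelisted channel."""
    try:
        return LISTEN_SQL[channel]
    except KeyError:
        raise ValueError("channel not permitted: %r" % (channel,))


class RecordingCursor:
    """Constructed stand-in for a DB-API cursor; records what would be run
    so the example works without a database connection."""

    def __init__(self):
        self.executed = []

    def execute(self, sql, params=None):
        self.executed.append((sql, params))


def listen(cursor, channel):
    """Identifier comes from the whitelist; there is nothing left to bind,
    so execute() is called with the statement alone."""
    sql = listen_statement(channel)
    cursor.execute(sql)
    return sql


def select_by_id(cursor, table, row_id):
    """Table name dispatched from the whitelist, row id bound as a value."""
    try:
        sql = SELECT_BY_ID_SQL[table]
    except KeyError:
        raise ValueError("table not permitted: %r" % (table,))
    cursor.execute(sql, (row_id,))
    return sql


def mimic_bound_string(sql, params):
    """Hypothetical, simplified imitation of how a driver renders a str
    parameter: a single-quoted literal with embedded quotes doubled.
    "LISTEN %s" with ("log",) therefore becomes LISTEN 'log', which
    PostgreSQL rejects because a channel name must be an identifier."""
    literals = tuple("'" + p.replace("'", "''") + "'" for p in params)
    return sql % literals


if __name__ == "__main__":
    cur = RecordingCursor()
    print(listen(cur, "log"))                        # LISTEN "log"
    print(select_by_id(cur, "orders", 42))           # bound id, constant table
    print(mimic_bound_string("LISTEN %s", ("log",)))  # LISTEN 'log'
    for name in ("debug", 'my "log"'):               # not on the whitelist
        try:
            listen(cur, name)
        except ValueError as err:
            print("rejected:", err)
```

The dispatch tables are the whole point: once the set of identifiers is fixed, there is no string assembly left to get wrong, and the unknown-name path fails closed with a `ValueError` before any SQL text exists.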

