
Replacing : with "${" at the beginning of the word and adding "}" at the end of the word


On 02Oct2018 06:04, zljubisic at gmail.com <zljubisic at gmail.com> wrote:
>I have to execute the same sql in two different programs.
>Each of them marks parameters differently.

Then you are MUCH better off assembling the SQL using some kind of query 
constructor, which correctly inserts parameter placeholders in the correct 
dialect.

>Anyway, I have found the solution.
>cnv_sel = re.sub(r"(:(.+?)\b)", r"${\2}", sel)

That is a recipe for making unsafe SQL. It does not honour quotes. It does not 
ensure parameter names are identifiers (which may be vital).

Please look into a library for constructing SQL. My favourite general purpose 
one is SQLAlchemy, which lets you write very nice Python expressions which get 
turned safely into dialect specific SQL.

Cheers,
Cameron Simpson <cs at cskk.id.au>
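
As an added illustration (not code from the thread or from SQLAlchemy), here is a standard-library converter that addresses the two gaps named in the reply: it skips quoted spans and accepts only identifier-shaped parameter names. The function names and the sample statement are constructed for this example, and standard SQL quoting is assumed.

```python
import re

def naive_convert(sql):
    """The substitution quoted in the thread, kept for comparison."""
    return re.sub(r"(:(.+?)\b)", r"${\2}", sql)

# Alternatives are tried left to right at each position, so quoted spans,
# comments and '::' casts are consumed whole before ':name' is considered.
# Assumption: standard SQL quoting (doubled quotes, no backslash escapes).
_TOKEN = re.compile(r"""
    (?P<skip> '(?:[^']|'')*'      # string literal
            | "(?:[^"]|"")*"      # quoted identifier
            | --[^\n]*            # line comment
            | /\*.*?\*/           # block comment
            | ::                  # cast operator
    )
  | :(?P<name>[A-Za-z_][A-Za-z0-9_]*)   # parameter: must be an identifier
  | (?P<bad>[:'"])                      # stray colon or unterminated quote
""", re.VERBOSE | re.DOTALL)

def convert_placeholders(sql):
    """Rewrite :name to ${name}; return (converted_sql, parameter_names)."""
    names = []

    def repl(m):
        if m.group("skip") is not None:
            return m.group("skip")          # copy through unchanged
        if m.group("bad") is not None:
            raise ValueError("unexpected %r at offset %d"
                             % (m.group("bad"), m.start()))
        names.append(m.group("name"))
        return "${" + m.group("name") + "}"

    return _TOKEN.sub(repl, sql), names

if __name__ == "__main__":
    # Constructed sample statement, not taken from the thread.
    sample = "SELECT * FROM t WHERE ts > '12:30' AND id = :id"
    print(naive_convert(sample))          # rewrites inside the string literal
    print(convert_placeholders(sample))   # leaves the literal alone
```

The returned name list can be checked against the set of parameters each program expects before the statement is handed over.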