allow name parametr llike this!

Open koshak01 opened this issue 2 years ago • 2 comments

Like this: "SELECT company FROM company WHERE approved=%(approved)s"

not this : SELECT company FROM company WHERE approved = ${approved}

not this : SELECT company FROM company WHERE approved = $1

can you make easy, i have lot of code, i can't rewrite all my code (

Apr 18 '23 00:04 koshak01

Perhaps OP would like to consider SQL injection in their request.

Apr 19 '23 02:04 dimaqq

You can use https://pypi.org/project/sqlparams/ to convert from any preferred style into the numeric dollar style. E.g.

import sqlparams as sqlparams

query = sqlparams.SQLParams("pyformat", "numeric_dollar")
fmt_qry, args = query.format("SELECT company FROM company WHERE approved = %(approved)s", {"approved":True})
...
value = await cursor.fetchrow(fmt_qry, *args)

May 27 '23 09:05 JesseDeLoore