Re: Sanitize schema name
| От | Elliot S |
|---|---|
| Тема | Re: Sanitize schema name |
| Дата | |
| Msg-id | 555C7E01.3030401@gmail.com обсуждение исходный текст |
| Ответ на | Re: Sanitize schema name (Federico Di Gregorio <fog@dndg.it>) |
| Список | psycopg |
Sounds good, thanks for the feedback. I should have time to work on this today and tomorrow. On 05/20/2015 04:14 AM, Federico Di Gregorio wrote: > On 13/05/2015 16:13, Elliot S wrote: >> I like this idea and drafted it up. >> >> Looking for comments on this patch: >> >> https://github.com/yieldsfalsehood/psycopg2/commit/f86f773de6ee99e2d7a2807136dcb458d97ba852 >> >> >> In short: >> 1. identifier quoting may use PQescapeIdentifier if it's available, >> otherwise the pure-psyco escaping is done >> 2. the %t format is now accepted, and its value must be either a >> string or bytes (no error handling is done yet if this isn't the case) - >> replacement for this calls out to the identifier quoting > > The patch looks fine to me but your tests should cover all corner cases: > > 1) spaces in identifiers > 2) double quotes in identifiers > 3) a mix of upper- and lower-case characters > > I'd also like to see the tests compare the result with the result of a > "SELECT quote_ident(...)" call, just to be future proof. > > Also, I'd expose the quoting function in psycopg.extensions to let the > user build the query string separately from the .execute() call: this > is useful if you want to stick to DBAPI in your .execute() call. I.e., > to allow something like: > > from psycopg.extensions import quote_ident > > query = "SELECT %s FROM %s WHERE id = %%s" % ( > quote_ident('table'), quote_ident('col')) > > curs.execute(query, (id_value,)) > > federico >
В списке psycopg по дате отправления: