Re: [psycopg] Solving the SQL composition problem

On 01/02/2017 08:21 AM, Daniele Varrazzo wrote:
> On Mon, Jan 2, 2017 at 4:05 PM, Jim Nasby <Jim.Nasby@bluetreble.com> wrote:
>> On 1/1/17 2:11 AM, Daniele Varrazzo wrote:
>>>
>>>         sql.SQL("insert into %s values (%%s)") %
>>> [sql.Identifier('mytable')],
>>
>>
>> Since %s isn't standard parameter replacement anyway, I'm wondering if both
>> considerations could just be handled by execute(), by using different
>> replacement syntax. IE:
>>
>> execute('insert into %s values ($1)', [42], ['my table'])
>>
>> Obviously this would be backwards incompatible, but I think that's
>> manageable.
>
> mmm... what I think is that if these objects' replacement rules were
> different one could leave the %s and %(name)s placeholder untouched
> for the query params.
>
> A natural choice could be to use the str.format syntax for the query
> composition, or a subset of it. Hence my example could be:
>
> cur.execute(
>     sql.SQL("insert into {} values (%s,
> %s)").format(sql.Identifier('my_table')),
>     [10, 20])

I like this, makes it clearer what is an identifier versus a placeholder.

>
> This would largely remove the need for double escaping.
>
> -- Daniele
>
>


--
Adrian Klaver
adrian.klaver@aklaver.com