SQLAlchemy 参数化一个不带引号的值
SQLAlchemy Parameterize an Unquoted Value
我正在尝试像这样在数据库中动态创建用户:
from sqlalchemy.sql import text
def create_user(user: str, password: str):
stmt = text("CREATE USER :user WITH PASSWORD :password")
engine.execute(stmt, user=user, password=password)
create_user("bob", "password123")
但问题在于 SQLAlchemy 会将此查询参数化为:
CREATE USER 'bob' WITH PASSWORD 'password123'"
抛出错误:
sqlalchemy.exc.ProgrammingError: (psycopg2.errors.SyntaxError) syntax error at or near "'bob'"
LINE 1: CREATE USER 'bob' WITH PASSWORD 'password123'
抛出此错误是因为 bob 应该是不带引号的。正确的 SQL 输出实际上应该是:
CREATE USER bob WITH PASSWORD 'password123'
如何防止 SQLAlchemy 将参数化值用引号引起来?
在标准查询参数化不适用的情况下,例如当试图将数据库对象名称合并到 SQL 语句中时,我们必须求助于 dynamic SQL:
with engine.begin() as conn:
sql = "CREATE USER {} WITH PASSWORD {}".format("bob", "password123")
conn.exec_driver_sql(sql)
(显然,必须注意避免 Little Bobby Tables 来访。)
我正在尝试像这样在数据库中动态创建用户:
from sqlalchemy.sql import text
def create_user(user: str, password: str):
stmt = text("CREATE USER :user WITH PASSWORD :password")
engine.execute(stmt, user=user, password=password)
create_user("bob", "password123")
但问题在于 SQLAlchemy 会将此查询参数化为:
CREATE USER 'bob' WITH PASSWORD 'password123'"
抛出错误:
sqlalchemy.exc.ProgrammingError: (psycopg2.errors.SyntaxError) syntax error at or near "'bob'"
LINE 1: CREATE USER 'bob' WITH PASSWORD 'password123'
抛出此错误是因为 bob 应该是不带引号的。正确的 SQL 输出实际上应该是:
CREATE USER bob WITH PASSWORD 'password123'
如何防止 SQLAlchemy 将参数化值用引号引起来?
在标准查询参数化不适用的情况下,例如当试图将数据库对象名称合并到 SQL 语句中时,我们必须求助于 dynamic SQL:
with engine.begin() as conn:
sql = "CREATE USER {} WITH PASSWORD {}".format("bob", "password123")
conn.exec_driver_sql(sql)
(显然,必须注意避免 Little Bobby Tables 来访。)