PostgreSQL ("PG") supports the notion of placeholders, as do many other 
relational databases. The placeholder notation in PG uses $X within the SQL. 
For example:

select     foo
from       bar
where      bletch = $1

is valid SQL. The dollar-notation allows re-use of positional parameters and 
avoids SQL injection entirely by placing the input in appropriately-typed 
buffers w/in the SQL statement handler. It also avoids issues with 
double-interpolating quotes as the placeholders are not literals and do not 
require SQL-quoting to be interpolated properly.

We have quite a bit of SQL here that has to be shared between Python and other 
packages, so using standard PG SQL statements is required.

Q: Is there any way to prepare and execute standard PG SQL statements with 
dollar placeholders in psycopg2?

Thanks

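An added example, not part of the original message and not psycopg2's own code: psycopg2's cursor.execute() takes %s / %(name)s placeholders and interpolates the values client-side, so one way to keep shared $N SQL unchanged is to translate it just before execution. The helper name dollar_to_pyformat and the sample columns are assumptions; E'...' strings with backslash escapes and nested block comments are not handled.

```python
import re

# Regions that must not be scanned for $N come first, then $N, then a bare %.
_TOKEN = re.compile(
    r"""
      (?P<skip> '(?:[^']|'')*'                 # single-quoted string literal
              | "(?:[^"]|"")*"                 # double-quoted identifier
              | --[^\n]*                       # line comment
              | /\*.*?\*/                      # block comment (non-nested)
              | \$(?P<tag>[A-Za-z_]\w*|)\$.*?\$(?P=tag)\$   # dollar-quoted body
      )
    | \$(?P<num>[1-9]\d*)                      # positional parameter $N
    | (?P<pct>%)                               # literal percent sign
    """,
    re.VERBOSE | re.DOTALL,
)


def dollar_to_pyformat(sql, args):
    """Translate $N SQL into (query, params) for cursor.execute(query, params)."""
    used = set()

    def repl(m):
        if m.group("skip") is not None:
            # psycopg2 %-formats the whole string, so % is doubled even in literals.
            return m.group("skip").replace("%", "%%")
        if m.group("pct"):
            return "%%"
        n = int(m.group("num"))
        if n > len(args):
            raise ValueError(f"${n} has no matching argument")
        used.add(n)
        return f"%(p{n})s"  # named form, so a repeated $N reuses one value

    query = _TOKEN.sub(repl, sql)
    return query, {f"p{n}": args[n - 1] for n in sorted(used)}


if __name__ == "__main__":
    # Constructed sample built on the statement from the message.
    shared = "select foo from bar where bletch = $1 or blort = $1 and tag like '5%'"
    query, params = dollar_to_pyformat(shared, ["x"])
    print(query)   # pass both to cursor.execute(query, params)
    print(params)
```

The values still travel separately from the SQL text up to execute(), so the shared statements never need quoting or string concatenation on the Python side.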