Thanks! I owe you one.
On 26 Apr, 00:05, Michael Bayer <[email protected]> wrote:
> the "func" construct described in the documentation is the usual way
> to render any SQL function, such as
> sess.execute(func.sp_add_tag(user.id, self.id, value.lower()))
>
> On Apr 25, 2009, at 11:16 PM, Eric wrote:
>
>
>
> > I have a function in a PostgreSQL DB I need to execute that returns
> > nothing. I was told by peers that this is the proper way to do it:
>
> > meta.Session.execute("SELECT sp_add_tag('%s', '%s', '%s')" % (user.id,
> > self.id, value.lower() ))
>
> > BUT this gives us issues with characters like single quotes and SQL
> > injections. What is the best way to handle this situation?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"sqlalchemy" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/sqlalchemy?hl=en
-~----------~----~----~----~------~----~------~--~---
