I have an include file that generates a handful of timestamp clauses:

    import sqlalchemy.sql
    import lib.constants

    def sql_now():
        return sqlalchemy.sql.text("(CURRENT_TIMESTAMP AT TIME ZONE 'UTC')")

    def sql_now_minus_10_minutes():
        return sqlalchemy.sql.text("(CURRENT_TIMESTAMP AT TIME ZONE 'UTC' - INTERVAL '10 MINUTES')")

One of them needs to be driven by a configuration value:

    def sql_now_minus_interval(interval):
        return sqlalchemy.sql.text("(CURRENT_TIMESTAMP AT TIME ZONE 'UTC' - INTERVAL '%s')" % lib.constants.RATELIMIT_TIMEOUT_A)

Is there anything I can do to protect myself from accidental SQL injection? This is all first-party code, so I'm not worried about a "little bobby tables" scenario, but am concerned with bad text getting named in the constant and breaking a query.
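
One way to guard the configuration-driven clause, as an added example that is not part of the original post: the value is checked against a strict allow-list, rebuilt in canonical form, and sent as a bound parameter instead of being formatted into the SQL text. The names `parse_interval`, `interval_literal` and `:ival` are hypothetical, and the example assumes PostgreSQL and config values shaped like `'10 MINUTES'`.

```python
import re
from datetime import timedelta

# Allow-list: one positive integer, one space, one unit keyword. Nothing else
# (quotes, signs, extra words) can reach the database.
_INTERVAL_RE = re.compile(r"([0-9]{1,6}) (SECOND|MINUTE|HOUR|DAY)S?")
_UNIT_SECONDS = {"SECOND": 1, "MINUTE": 60, "HOUR": 3600, "DAY": 86400}


def parse_interval(value):
    """Turn a config string such as '10 MINUTES' into a timedelta.

    Raises ValueError for anything outside the allow-list, so a bad constant
    fails when the clause is built instead of breaking a query at run time.
    """
    if not isinstance(value, str):
        raise ValueError("interval must be a string, got %r" % (value,))
    match = _INTERVAL_RE.fullmatch(value.strip().upper())
    if match is None:
        raise ValueError("unsupported interval: %r" % (value,))
    return timedelta(seconds=int(match.group(1)) * _UNIT_SECONDS[match.group(2)])


def interval_literal(value):
    """Canonical interval text rebuilt from the parsed value, never the raw input."""
    return "%d SECONDS" % int(parse_interval(value).total_seconds())


def sql_now_minus_interval(value):
    """Timestamp clause with the interval passed as a bound parameter."""
    # Imported here so the validator above is usable without SQLAlchemy installed.
    import sqlalchemy.sql

    clause = sqlalchemy.sql.text(
        "(CURRENT_TIMESTAMP AT TIME ZONE 'UTC' - CAST(:ival AS INTERVAL))"
    )
    # The driver sends :ival separately from the statement text.
    return clause.bindparams(ival=interval_literal(value))
```

Calling `parse_interval(lib.constants.RATELIMIT_TIMEOUT_A)` once at import time surfaces a malformed constant at startup rather than on the first rate-limit query.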