I have an include file that generates a handful of timestamp clauses:

import sqlalchemy.sql

def sql_now():
    return sqlalchemy.sql.text("(CURRENT_TIMESTAMP AT TIME ZONE 'UTC')")

def sql_now_minus_10_minutes():
    return sqlalchemy.sql.text("(CURRENT_TIMESTAMP AT TIME ZONE 'UTC' - "
                               "INTERVAL '10 MINUTES')")

One of them needs to be driven by a configuration value:

def sql_now_minus_interval(interval):
    # `interval` is the configured string (the caller passes
    # lib.constants.RATELIMIT_TIMEOUT_A); it is spliced into the SQL text verbatim.
    return sqlalchemy.sql.text(("(CURRENT_TIMESTAMP AT TIME ZONE 'UTC' - "
                                "INTERVAL '%s')") % interval)


Is there anything I can do to protect myself from accidental SQL injection?
This is all first-party code, so I'm not worried about a "little bobby
tables" scenario, but am concerned with bad text getting named in the
constant and breaking a query.
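One way to get that protection, shown here as an added example that is not from the original post or from SQLAlchemy itself: validate the configured string against a strict allow-list at startup, convert it to a `datetime.timedelta`, and then pass the timedelta as a bound parameter instead of splicing text into the SQL. The function names (`parse_interval`, `is_valid_interval`, `sql_now_minus_interval`, `unsafe_sql_now_minus_interval`) and the sample settings are my own; the block is standard-library Python so it runs without a database. The `(sql, params)` pair it returns is what you would hand to `sqlalchemy.sql.text(sql).bindparams(**params)`; psycopg2 adapts a timedelta to a PostgreSQL interval on the wire, so the text of the setting never reaches the SQL parser.

```python
import re
from datetime import timedelta

# Allow-list grammar for the configured value: "<count> <UNIT>[S]" and nothing else.
# Anything that sneaks into the setting by accident (a stray quote, a closing paren,
# a comment marker) fails to match and is rejected at startup rather than at query time.
_INTERVAL_RE = re.compile(r"^\s*(\d{1,6})\s+(SECOND|MINUTE|HOUR|DAY)S?\s*$", re.IGNORECASE)
_UNIT_SECONDS = {"SECOND": 1, "MINUTE": 60, "HOUR": 3600, "DAY": 86400}


def parse_interval(config_value):
    """Turn a setting such as '10 MINUTES' into a timedelta; raise ValueError otherwise."""
    match = _INTERVAL_RE.match(config_value)
    if match is None:
        raise ValueError("bad interval setting %r; expected e.g. '10 MINUTES'" % (config_value,))
    count, unit = int(match.group(1)), match.group(2).upper()
    return timedelta(seconds=count * _UNIT_SECONDS[unit])


def is_valid_interval(config_value):
    """True if parse_interval() would accept the value."""
    try:
        parse_interval(config_value)
    except ValueError:
        return False
    return True


def unsafe_sql_now_minus_interval(config_value):
    """The original pattern, kept for comparison: the setting is spliced into the SQL."""
    return "(CURRENT_TIMESTAMP AT TIME ZONE 'UTC' - INTERVAL '%s')" % config_value


def sql_now_minus_interval(interval):
    """Return (sql, params) with the interval as a bound parameter, not as SQL text.

    The SQL string contains only the named placeholder :ivl; the timedelta travels
    separately and the DB-API driver adapts it to a PostgreSQL interval. With
    SQLAlchemy this pair maps onto sqlalchemy.sql.text(sql).bindparams(**params).
    """
    if not isinstance(interval, timedelta):
        raise TypeError("interval must be a datetime.timedelta, got %r" % (type(interval),))
    sql = "(CURRENT_TIMESTAMP AT TIME ZONE 'UTC' - :ivl)"
    return sql, {"ivl": interval}


if __name__ == "__main__":
    # Constructed settings (not real config): the second one carries a stray quote
    # and a comment marker, the kind of typo that would otherwise mangle the query.
    good_setting = "10 MINUTES"
    bad_setting = "10 MINUTES') OR 1=1 --"
    print(unsafe_sql_now_minus_interval(bad_setting))   # query text is now broken
    print(is_valid_interval(good_setting), is_valid_interval(bad_setting))
    print(sql_now_minus_interval(parse_interval(good_setting)))
```

Run `parse_interval()` once when the settings module is imported so a malformed value fails the process at startup with a clear message instead of surfacing later as a database syntax error; the query itself then only ever carries a placeholder.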
