> On Mar 8, 2019, at 11:57 AM, Mike Bayer <[email protected]> wrote:
>
> this use is insecure and is not supported. SQLAlchemy's bound
> parameter rendering is only intended for debugging and for special DDL
> scenarios and should not be used for ordinary SQL statements passed to
> a database.

Would you mind expanding upon why this use is insecure? What sort of problems would you expect to encounter? Any suggestions for how you’d put together a secure version of this use case?

--
SQLAlchemy - The Python SQL Toolkit and Object Relational Mapper
http://www.sqlalchemy.org/
