There is new activity in the "original" pg8000 repo, but AFAIK some of my changes were not merged, and others were not addressed, but you could try that:
https://github.com/mfenniak/pg8000

About escaping, the difference with psycopg2 is that pg8000 uses the more advanced query protocol (Prepared Statement) that doesn't require escaping and inlining the parameters in the SQL query (so, in theory, it is even safer than psycopg2, and more straightforward as it allows binary parameters directly).
Another advantage of the prepared statement protocol is that it could be parsed/analyzed once, and executed many times, which should be faster in some circumstances.

IIRC, psycopg2 uses the simple query protocol, with inlined parameters directly in the SQL. It has a mogrify function that escapes the parameters, that should be migrated to pg8000 to avoid this kind of issues, or better, just use the DBAPI call with parameters, so no escaping will be required (IIRC, this is not supported by web2py right now).
Sadly, many connectors have different implementations of the DBAPI, so it would not be trivial to adapt, see for example:
http://www.python.org/dev/peps/pep-0249/#paramstyle

Also, psycopg2 uses libpq (the postgresql client C library), so it will be a lot faster (but a bit harder to install in some scenarios).
It depends highly on which kind of application you're writing (for simple apps, there wouldn't be a significant difference).

BTW, if you have a test case with web2py, I could help to fix the issues with pg8000.

Best regards,

Mariano Reingart
http://www.sistemasagiles.com.ar
http://reingart.blogspot.com

On Thu, May 2, 2013 at 10:13 AM, Massimo Di Pierro <[email protected]> wrote:
> I do not remember what the bugs were but they were related to escaping and
> this poses a security issue. It has not been fixed to my knowledge.
>
> On Thursday, 2 May 2013 03:02:26 UTC-5, Marin Pranjić wrote:
>>
>> I remember pg8000 having some bugs and I'm not sure if they are fixed.
>>
>> psycopg2 should be better choice
>>
>> Marin
>>
>> On Thu, May 2, 2013 at 1:59 AM, Marco Túlio Cícero de M. Porto
>> <[email protected]> wrote:
>>>
>>> Are there any advantages on one or another or are they basically the same
>>> thing?
>>> I'm using psycopg2 atm.
>>>
>>> --
>>> []'s
>>> Marco Tulio
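
The paramstyle problem mentioned in the message above, as an added example that is not part of the original thread or of web2py, pg8000 or psycopg2: a hypothetical helper `render()` rewrites neutral `:name` placeholders into any of the five PEP 249 paramstyles and returns the values separately, so they are bound by the driver and never inlined into the SQL text. The standard-library `sqlite3` module stands in for a PostgreSQL driver so the block runs offline, and the helper assumes the SQL contains no string literals with colons in them.

```python
import re
import sqlite3

# ':name' placeholder; the lookbehind skips PostgreSQL '::type' casts.
_NAMED = re.compile(r"(?<!:):([A-Za-z_]\w*)")
_STYLES = ("qmark", "numeric", "named", "format", "pyformat")

def render(sql, params, paramstyle):
    """Rewrite ':name' placeholders for a PEP 249 paramstyle.

    Returns (sql, bound): bound is a tuple for positional styles and a
    dict for named ones. Values are never merged into the SQL string.
    """
    if paramstyle not in _STYLES:
        raise ValueError("unknown paramstyle: %r" % (paramstyle,))
    order = []

    def sub(match):
        name = match.group(1)
        if name not in params:
            raise KeyError(name)
        order.append(name)
        return {
            "qmark": "?",
            "numeric": ":%d" % len(order),
            "named": ":" + name,
            "format": "%s",
            "pyformat": "%(" + name + ")s",
        }[paramstyle]

    if paramstyle in ("format", "pyformat"):
        sql = sql.replace("%", "%%")  # a literal % must be doubled here
    text = _NAMED.sub(sub, sql)
    if paramstyle in ("named", "pyformat"):
        return text, {n: params[n] for n in order}
    return text, tuple(params[n] for n in order)

def demo():
    """Bind a value containing SQL metacharacters; it is stored verbatim."""
    value = "O'Reilly'); --"  # constructed sample input
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT)")
    sql, bound = render("INSERT INTO users (name) VALUES (:name)",
                        {"name": value}, sqlite3.paramstyle)
    con.execute(sql, bound)  # parameters travel separately from the SQL
    return con.execute("SELECT name FROM users").fetchall()

if __name__ == "__main__":
    print(demo())
```
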

