Replacing : with "${" at the beginning of the word and adding "}" at the end of the word

Cameron Simpson cs at cskk.id.au
Tue Oct 2 18:18:13 EDT 2018


On 02Oct2018 06:04, zljubisic at gmail.com <zljubisic at gmail.com> wrote:
>I have to execute the same sql in two different programs.
>Each of them marks parameters differently.

Then you are MUCH better off assembling the SQL using some kind of query 
constructor, which correctly inserts parameter placeholders in the correct 
dialect.

>Anyway, I have found the solution.
>cnv_sel = re.sub(r"(:(.+?)\b)", r"${\2}", sel)

That is a recipe for making unsafe SQL. It does not honour quotes. It does not 
ensure parameter names are identifiers (which may be vital).

Please look into a library for constructing SQL. My favourite general purpose 
one is SQLAlchemy, which lets you write very nice Python expressions which get 
turned safely into dialect specific SQL.

Cheers,
Cameron Simpson <cs at cskk.id.au>
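
The two problems named in the reply above (quotes not honoured, parameter names not checked as identifiers), shown as an added example that is not part of the original thread. It assumes standard SQL quoting with doubled quotes as the escape; `convert_placeholders`, its `allowed` argument and the sample statement are constructed for illustration.

```python
import re

def naive_convert(sql):
    # The substitution from the quoted message, unchanged, for comparison.
    return re.sub(r"(:(.+?)\b)", r"${\2}", sql)

_TOKEN = re.compile(r"""
    '(?:[^']|'')*'                      # single-quoted literal, '' is an escaped quote
  | "(?:[^"]|"")*"                      # double-quoted identifier
  | (?P<stray>['"])                     # a quote that never closes
  | ::                                  # cast operator (assumption: PostgreSQL style)
  | :(?P<name>[A-Za-z_][A-Za-z0-9_]*)   # :name placeholder, identifier characters only
""", re.VERBOSE)

def convert_placeholders(sql, allowed=None):
    """Rewrite :name as ${name} outside quoted text; reject unexpected names."""
    def repl(m):
        if m.group("stray"):
            raise ValueError("unterminated quote at offset %d" % m.start())
        name = m.group("name")
        if name is None:
            return m.group(0)  # quoted text or a cast: copy through untouched
        if allowed is not None and name not in allowed:
            raise ValueError("unexpected parameter name: %r" % name)
        return "${" + name + "}"
    return _TOKEN.sub(repl, sql)

# Constructed sample: the string literal contains a colon that is not a parameter.
SAMPLE = "SELECT * FROM t WHERE note = 'due at 12:30' AND id = :id"

if __name__ == "__main__":
    print(naive_convert(SAMPLE))                      # literal gets rewritten too
    print(convert_placeholders(SAMPLE, allowed={"id"}))  # only :id is rewritten
```

This only rewrites placeholder syntax between two dialects; the values themselves should still be passed to the driver as bound parameters, which is what a query constructor such as SQLAlchemy does.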


