Re: [sqlalchemy] Documentation options
On Thu, 21 Mar 2019, Mike Bayer wrote:

> sounds like automap:
> https://docs.sqlalchemy.org/en/latest/orm/extensions/automap.html

Mike,

May I send you models.py (off the mail list) to check that I have correctly applied automap?

TIA,

Rich

--
SQLAlchemy - The Python SQL Toolkit and Object Relational Mapper
http://www.sqlalchemy.org/

To post example code, please provide an MCVE: Minimal, Complete, and Verifiable Example. See http://stackoverflow.com/help/mcve for a full description.
---
You received this message because you are subscribed to the Google Groups "sqlalchemy" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sqlalchemy+unsubscr...@googlegroups.com.
To post to this group, send email to sqlalchemy@googlegroups.com.
Visit this group at https://groups.google.com/group/sqlalchemy.
For more options, visit https://groups.google.com/d/optout.
Re: [sqlalchemy] RAW SQL working on Postgres but not in SQLAlchemy
Big thanks. Learned something new.

On Tue, Mar 26, 2019, 11:24 PM Jonathan Vanasco wrote:

> On Tuesday, March 26, 2019 at 1:46:37 PM UTC-4, Piyush Nalawade wrote:
>>
>> Hi Mike,
>>
>> In the above example does the text and params help to protect from SQL
>> injection attacks?
>
> yes.
>
> see
> https://docs.sqlalchemy.org/en/latest/core/sqlelement.html?#sqlalchemy.sql.expression.text
> on how the raw text is handled
>
> in terms of params,
> https://docs.sqlalchemy.org/en/latest/core/sqlelement.html?#sqlalchemy.sql.expression.ClauseElement.params
>
> passing the values in via `params` invokes the database support for bind
> parameters, which is what protects you from sql injection in values passed
> in.
Re: [sqlalchemy] RAW SQL working on Postgres but not in SQLAlchemy
On Tuesday, March 26, 2019 at 1:46:37 PM UTC-4, Piyush Nalawade wrote:
>
> Hi Mike,
>
> In the above example does the text and params help to protect from SQL
> injection attacks?

yes.

see https://docs.sqlalchemy.org/en/latest/core/sqlelement.html?#sqlalchemy.sql.expression.text on how the raw text is handled

in terms of params, https://docs.sqlalchemy.org/en/latest/core/sqlelement.html?#sqlalchemy.sql.expression.ClauseElement.params

passing the values in via `params` invokes the database support for bind parameters, which is what protects you from sql injection in values passed in.
Re: [sqlalchemy] RAW SQL working on Postgres but not in SQLAlchemy
Hi Mike,

And also to avoid using format, right?

Thanks and Regards,
Piyush Nalawade

On Tue, Mar 26, 2019, 11:16 PM Piyush Nalawade wrote:

> Hi Mike,
>
> In the above example does the text and params help to protect from SQL
> injection attacks?
>
> On Tue, Mar 26, 2019, 11:04 PM Mike Bayer wrote:
>
>> this would suggest your Engine is not accessing the same database, or
>> does not have the same permissions, as that of your PG admin session.
>>
>> also I would strongly advise against directly substituting variables
>> into literals in SQL strings using format() as this is the source of
>> SQL injection attacks. Please use a bound parameter, e.g.:
>>
>>     execute(text("select * from table where foo = :bar").params(bar='some bar'))
>>
>> On Tue, Mar 26, 2019 at 12:19 PM Scheck David wrote:
>> >
>> > Hi,
>> >
>> > I've a simple query as this :
>> >
>> > def count_references(self, uri):
>> >     sql = 'SELECT count(*) FROM (SELECT image.id, json_array_elements(image.uri_reference)::text as uri_ref FROM image) ss WHERE ss.uri_ref = \'\"{0}\"\''.format(uri)
>> >     result = self.session.execute(text(sql))
>> >
>> > I tested It on pgadmin and all works very good. and SQLAlchemy is
>> > throwing an error as :
>> >
>> > sqlalchemy.exc.ProgrammingError: (psycopg2.ProgrammingError) relation "image" does not exist
>> >
>> > LINE 1: ...ements(image.uri_reference)::text as uri_ref FROM image) ss ...
Re: [sqlalchemy] RAW SQL working on Postgres but not in SQLAlchemy
Hi Mike,

In the above example does the text and params help to protect from SQL injection attacks?

On Tue, Mar 26, 2019, 11:04 PM Mike Bayer wrote:

> this would suggest your Engine is not accessing the same database, or
> does not have the same permissions, as that of your PG admin session.
>
> also I would strongly advise against directly substituting variables
> into literals in SQL strings using format() as this is the source of
> SQL injection attacks. Please use a bound parameter, e.g.:
>
>     execute(text("select * from table where foo = :bar").params(bar='some bar'))
>
> On Tue, Mar 26, 2019 at 12:19 PM Scheck David wrote:
> >
> > Hi,
> >
> > I've a simple query as this :
> >
> > def count_references(self, uri):
> >     sql = 'SELECT count(*) FROM (SELECT image.id, json_array_elements(image.uri_reference)::text as uri_ref FROM image) ss WHERE ss.uri_ref = \'\"{0}\"\''.format(uri)
> >     result = self.session.execute(text(sql))
> >
> > I tested It on pgadmin and all works very good. and SQLAlchemy is
> > throwing an error as :
> >
> > sqlalchemy.exc.ProgrammingError: (psycopg2.ProgrammingError) relation "image" does not exist
> >
> > LINE 1: ...ements(image.uri_reference)::text as uri_ref FROM image) ss ...
Re: [sqlalchemy] RAW SQL working on Postgres but not in SQLAlchemy
this would suggest your Engine is not accessing the same database, or does not have the same permissions, as that of your PG admin session.

also I would strongly advise against directly substituting variables into literals in SQL strings using format() as this is the source of SQL injection attacks. Please use a bound parameter, e.g.:

    execute(text("select * from table where foo = :bar").params(bar='some bar'))

On Tue, Mar 26, 2019 at 12:19 PM Scheck David wrote:
>
> Hi,
>
> I've a simple query as this :
>
> def count_references(self, uri):
>     sql = 'SELECT count(*) FROM (SELECT image.id, json_array_elements(image.uri_reference)::text as uri_ref FROM image) ss WHERE ss.uri_ref = \'\"{0}\"\''.format(uri)
>     result = self.session.execute(text(sql))
>
> I tested It on pgadmin and all works very good. and SQLAlchemy is throwing an
> error as :
>
> sqlalchemy.exc.ProgrammingError: (psycopg2.ProgrammingError) relation "image" does not exist
>
> LINE 1: ...ements(image.uri_reference)::text as uri_ref FROM image) ss ...
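
An added example, not code from the thread: the format() query from the original post beside a bound-parameter version, run against an in-memory SQLite table so the difference in results is visible. The table `image_ref`, the helper names and the sample rows are assumptions made for the demo; the thread's own database is PostgreSQL.

```python
import json
from sqlalchemy import create_engine, text

# Constructed input: closes the quoted literal, then adds a condition that is always true.
HOSTILE_URI = 'x"\' OR 1=1 --'


def make_demo_connection():
    """In-memory SQLite stand-in (constructed data) for the flattened image/uri_ref rows."""
    conn = create_engine("sqlite://").connect()
    conn.execute(text("CREATE TABLE image_ref (image_id INTEGER, uri_ref TEXT)"))
    sample = [(1, "http://example.test/a"), (2, "http://example.test/a"),
              (3, "http://example.test/b")]
    for image_id, uri in sample:
        # Stored as JSON text, double quotes included, like the ::text cast in the post.
        conn.execute(text("INSERT INTO image_ref VALUES (:image_id, :uri_ref)"),
                     {"image_id": image_id, "uri_ref": json.dumps(uri)})
    return conn


def count_references_format(conn, uri):
    # Pattern from the original post: the value is pasted into the SQL text itself,
    # so quote characters inside it are parsed as SQL syntax.
    sql = "SELECT count(*) FROM image_ref ss WHERE ss.uri_ref = '\"{0}\"'".format(uri)
    return conn.execute(text(sql)).scalar()


def count_references_bound(conn, uri):
    # The SQL text is constant; the value travels separately as a bound parameter
    # and is only ever compared as data.
    stmt = text("SELECT count(*) FROM image_ref ss WHERE ss.uri_ref = :uri_ref")
    return conn.execute(stmt, {"uri_ref": json.dumps(uri)}).scalar()


if __name__ == "__main__":
    conn = make_demo_connection()
    for label, value in [("benign", "http://example.test/a"), ("hostile", HOSTILE_URI)]:
        print(label, "format():", count_references_format(conn, value),
              "bound:", count_references_bound(conn, value))
```

With the benign URI both functions agree; with the constructed hostile value the format() version counts every row while the bound version counts none.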
[sqlalchemy] RAW SQL working on Postgres but not in SQLAlchemy
Hi,

I've a simple query as this:

    def count_references(self, uri):
        sql = 'SELECT count(*) FROM (SELECT image.id, json_array_elements(image.uri_reference)::text as uri_ref FROM image) ss WHERE ss.uri_ref = \'\"{0}\"\''.format(uri)
        result = self.session.execute(text(sql))

I tested it on pgadmin and all works very good. And SQLAlchemy is throwing an error as:

    sqlalchemy.exc.ProgrammingError: (psycopg2.ProgrammingError) relation "image" does not exist

    LINE 1: ...ements(image.uri_reference)::text as uri_ref FROM image) ss ...