On Oct 21, 2011, at 4:02 PM, Firass Asad wrote: > Good day, > > I am having trouble using sqlalchemy with a third-party Sybase 9 > database with read-only permissions. I believe this is based on the > way (certain versions of) Sybase handle prepared statements[1]. > > > Using pyodbc, this works: > results = cursor.execute("select name from table where name='Bob'") > > While this doesn't work: > results = cursor.execute("select name from table where name = ?", > ["Bob"]) > > The error message is the following: > ASA Error -121: Permission denied: you do not have permission to use > the "CREATE PROCEDURE" statement (262) > > > So my question is, is there a way I can use sqlalchemy without using > prepared statements? What are my options?
you'd have very limited usage options here, and certainly the ORM would be out of the question. You could pretty much only use engine/connection.execute() with a straight string. you should inform the partner you're working with that it's a major security hazard for the database to not accept bound parameter sets. Without them, all applications are wide open for SQL injection attacks: http://en.wikipedia.org/wiki/SQL_injection -- You received this message because you are subscribed to the Google Groups "sqlalchemy" group. To post to this group, send email to sqlalchemy@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en.