To give this thread closure: The vendor said that Sybase 11 makes a distinction between creating procedures and creating temporary procedures, and Sybase 9 treats all procedure creating the same and thus they can't give our read-only account this permission.
So we plan on upgrading to Sybase 11 soon. Thanks for your help! On Oct 21, 12:12 pm, Michael Bayer <mike...@zzzcomputing.com> wrote: > On Oct 21, 2011, at 4:02 PM, Firass Asad wrote: > > > > > > > Good day, > > > I am having trouble using sqlalchemy with a third-party Sybase 9 > > database with read-only permissions. I believe this is based on the > > way (certain versions of) Sybase handle prepared statements[1]. > > > Using pyodbc, this works: > > results = cursor.execute("select name from table where name='Bob'") > > > While this doesn't work: > > results = cursor.execute("select name from table where name = ?", > > ["Bob"]) > > > The error message is the following: > > ASA Error -121: Permission denied: you do not have permission to use > > the "CREATE PROCEDURE" statement (262) > > > So my question is, is there a way I can use sqlalchemy without using > > prepared statements? What are my options? > > you'd have very limited usage options here, and certainly the ORM would be > out of the question. You could pretty much only use > engine/connection.execute() with a straight string. > > you should inform the partner you're working with that it's a major security > hazard for the database to not accept bound parameter sets. Without them, > all applications are wide open for SQL injection attacks: > http://en.wikipedia.org/wiki/SQL_injection -- You received this message because you are subscribed to the Google Groups "sqlalchemy" group. To post to this group, send email to sqlalchemy@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en.