On Thu, Jul 11, 2013 at 4:30 PM, Richard Gomes <rgomes.i...@gmail.com> wrote: > hello, > > I've previously defined inserts and updates by hand in my application, which > is working fine, not using SQLAlchemy at the moment. > At this point, I'd like to employ SQLAlchemy to generate these inserts and > updates for me. And that's all. > I mean: just generate the queries for me. I'm not going to execute via > SQLAlchemy at this point. > > > I did the test below: > > engine = create_engine('postgresql://localhost/sample') > metadata = MetaData() > metadata.bind = engine > t = metadata.tables['company_valuation_measures'] > print(str( > t.update().values(trailing_pe=1.0).where(t.c.symbol=='dummy').where(t.c.date=='dummy') > )) > > > I obtained: > > UPDATE company_valuation_measures > SET trailing_pe=%(trailing_pe)s > WHERE company_valuation_measures.symbol = %(symbol_1)s AND > company_valuation_measures.date = %(date_1)s > > > The trouble is: field names are 'symbol' and 'date', not 'symbol_1', not > 'date_1'. > > Could someone point out what I'm doing wrong? >
SQLAlchemy uses bind parameters when executing SQL - ie. the values don't get substituted into the SQL string, but get passed to the underlying DBAPI module separately. This is generally what you want, as bind parameters avoid potential SQL-injection security holes. There is a recipe on the wiki for getting the SQL string with the parameters inserted, but you should read the warning at the top carefully and fully understand the dangers: http://www.sqlalchemy.org/trac/wiki/UsageRecipes/BindsAsStrings Hope that helps, Simon -- You received this message because you are subscribed to the Google Groups "sqlalchemy" group. To unsubscribe from this group and stop receiving emails from it, send an email to sqlalchemy+unsubscr...@googlegroups.com. To post to this group, send email to sqlalchemy@googlegroups.com. Visit this group at http://groups.google.com/group/sqlalchemy. For more options, visit https://groups.google.com/groups/opt_out.