On Nov 22, 2013, at 1:11 PM, Ivan Kalinin <pupss...@gmail.com> wrote:
> Hello there, fellow developers!
>
> We've recently run into a terrible problem.
>
> A small tool uses SQLAlchemy to execute statements read from a text file
> against a database.
>
> The trouble comes when that pre-defined statement has a colon symbol in the
> field value of a, say, INSERT statement.
>
> Like as follows:
> INSERT INTO my_test_table values (123, ':bar')
>
> Running this statement with a plain session.execute(stmt) (where stmt
> contains a unicode string with full statement) causes a StatementError with a
> message like "A value is required for bind parameter u'bar'"
>
> However, I'm certain that parameter placeholders should not be parsed from
> within string literals.
>
> Is there a way to tell SA that this statement should not be analyzed for
> placeholders?
>
> Thanks in advance for help and advice!

The string passed to session.execute() is wrapped with a text() construct, which does parse for bound parameters so that they may be type-processed and converted to the representation expected by the DBAPI (which is usually not the colon style). This parsing is pretty simplistic and does not expect that a quoted value would be directly embedded in the statement. There’s no escaping for those at the moment, so you have to skip the text() part here.

To send a raw statement to the DBAPI layer without any processing, use the Connection object directly, that is, send session.connection().execute(stmt).
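The failure mode discussed in this thread, as an added example that is not part of the original messages and is not SQLAlchemy's code: a simplistic `:name` scan flags `:bar` inside the string literal, a literal-aware scan does not, and a DBAPI given the raw statement stores the value unchanged. The two regexes, the function names, the table columns and the use of the stdlib `sqlite3` driver are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed sample statement, same shape as the one in the question.
STMT = "INSERT INTO my_test_table VALUES (123, ':bar')"

# Hypothetical stand-in for a simplistic scanner: every ":name" counts as a
# bind parameter wherever it appears ("::" casts are skipped).
NAIVE = re.compile(r"(?<![:\w]):(\w+)")

# Literal-aware variant: single-quoted strings (with '' escapes) are matched
# first, so colons inside them are never reported as parameters.
TOKEN = re.compile(r"'(?:[^']|'')*'|(?<![:\w]):(\w+)")


def naive_params(sql):
    """Names a position-blind scan would treat as bind parameters."""
    return NAIVE.findall(sql)


def literal_aware_params(sql):
    """Names found outside string literals only."""
    return [m.group(1) for m in TOKEN.finditer(sql) if m.group(1)]


def run_raw(sql):
    """Hand the statement to the DBAPI untouched and read the row back."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE TABLE my_test_table (id INTEGER, val TEXT)")
        conn.execute(sql)  # no parameter dict: nothing is substituted
        return conn.execute("SELECT id, val FROM my_test_table").fetchall()
    finally:
        conn.close()


if __name__ == "__main__":
    print("naive scan:        ", naive_params(STMT))
    print("literal-aware scan:", literal_aware_params(STMT))
    print("row stored by DBAPI:", run_raw(STMT))
```

Running a pre-scan like `literal_aware_params` over statements loaded from a file shows which ones genuinely expect bound values before anything reaches the database.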