On Nov 22, 2013, at 2:08 PM, Michael Bayer <mike...@zzzcomputing.com> wrote:
>
> On Nov 22, 2013, at 1:11 PM, Ivan Kalinin <pupss...@gmail.com> wrote:
>
>> Hello there, fellow developers!
>>
>> We've recently run into a terrible problem.
>>
>> A small tool uses SQLAlchemy to execute statements read from a text file
>> against a database.
>>
>> The trouble comes when that pre-defined statement has a colon symbol in the
>> field value of a, say, INSERT statement.
>>
>> Like as follows:
>> INSERT INTO my_test_table values (123, ':bar')
>>
>> Running this statement with a plain session.execute(stmt) (where stmt
>> contains a unicode string with full statement) causes a StatementError with
>> a message like "A value is required for bind parameter u'bar'"
>>
>> However, I'm certain that parameter placeholders should not be parsed from
>> within string literals.
>>
>> Is there a way to tell SA that this statement should not be analyzed for
>> placeholders?
>>
>> Thanks in advance for help and advice!
>
> the string passed to session.execute() is wrapped with a text() construct,
> which does parse for bound parameters so that they may be type-processed and
> converted to the representation expected by the DBAPI (which is usually not
> the colon style). This parsing is pretty simplistic and does not expect
> that a quoted value would be directly embedded in the statement. there’s no
> escaping for those at the moment, so you have to skip the text() part here.
> To send a raw statement to the DBAPI layer without any processing, use the
> Connection object directly, that is, send session.connection().execute(stmt).
sorry, I’m partially incorrect here, you should escape out that colon with a
backslash:
>>> from sqlalchemy import text
>>> print text("INSERT INTO my_test_table values (123, '\\:bar')")
INSERT INTO my_test_table values (123, ':bar')
>>>
signature.asc
Description: Message signed with OpenPGP using GPGMail
