On Nov 22, 2013, at 2:08 PM, Michael Bayer <mike...@zzzcomputing.com> wrote:
> > On Nov 22, 2013, at 1:11 PM, Ivan Kalinin <pupss...@gmail.com> wrote: > >> Hello there, fellow developers! >> >> We've recently run into a terrible problem. >> >> A small tool uses SQLAlchemy to execute statements read from a text file >> against a database. >> >> The trouble comes when that pre-defined statement has a colon symbol in the >> field value of a, say, INSERT statement. >> >> Like as follows: >> INSERT INTO my_test_table values (123, ':bar') >> >> Running this statement with a plain session.execute(stmt) (where stmt >> contains a unicode string with full statement) causes a StatementError with >> a message like "A value is required for bind parameter u'bar'" >> >> However, I'm certain that parameter placeholders should not be parsed from >> within string literals. >> >> Is there a way to tell SA that this statement should not be analyzed for >> placeholders? >> >> Thanks in advance for help and advice! > > the string passed to session.execute() is wrapped with a text() construct, > which does parse for bound parameters so that they may be type-processed and > converted to the representation expected by the DBAPI (which is usually not > the colon style). This parsing is pretty simplistic and does not expect > that a quoted value would be directly embedded in the statement. there’s no > escaping for those at the moment, so you have to skip the text() part here. > To send a raw statement to the DBAPI layer without any processing, use the > Connection object directly, that is, send session.connection().execute(stmt). sorry, I’m partially incorrect here, you should escape out that colon with a backslash: >>> from sqlalchemy import text >>> print text("INSERT INTO my_test_table values (123, '\\:bar')") INSERT INTO my_test_table values (123, ':bar') >>>
signature.asc
Description: Message signed with OpenPGP using GPGMail