My recommendation is to leave params unchanged in the code but update the
SQLAlchemy documentation so that .format is recommended over params (or, at
least, is recommended for this particular case).
On Thursday, July 28, 2016 at 12:11:13 PM UTC+10, Andrew M wrote:
>
> FYI, there seems to be a limitation of the implementation of params for
> textual SQL - params appears to silently insert single quotes, preventing
> the use of params to describe column names in the SQL query. The workaround
> is to use a conventional string with Python .format (which in my mind begs
> the question as to why SQLAlchemy needs its own method handling params ...
> ?).
>
> To explain, I was trying to use a parameter for the column name as well as
> the value:
>
> session.query(Table).filter(:column_name =
> :value).params(column_name='foo', value = 'bar')
>
> And when this didn't work, I tried putting :value in single quotes:
>
> session.query(Table).filter(:column_name =
> ':value').params(column_name='foo', value = 'bar')
>
> This threw an error which revealed that params was inserting single quotes
> (and preventing the use of params to describe column names, as column names
> can't be encapsulated in SQL):
>
> LINE 1: SELECT * FROM Table WHERE 'foo' = ''bar'' ...
>
> My workaround is to use from_statement with Python format:'
>
> session.query(Table).from_statement("SELECT * FROM Table WHERE
> {column_name} = '{value}'".format(column_name='foo', value='bar'))
>
> Regards,
> Andrew
>
> p.s. Am loving SQLAlchemy, thank you.
>
--
You received this message because you are subscribed to the Google Groups
"sqlalchemy" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to sqlalchemy+unsubscr...@googlegroups.com.
To post to this group, send email to sqlalchemy@googlegroups.com.
Visit this group at https://groups.google.com/group/sqlalchemy.
For more options, visit https://groups.google.com/d/optout.
