Hi Mike,

In the above example, do text and params help to protect from SQL
injection attacks?

On Tue, Mar 26, 2019, 11:04 PM Mike Bayer <mike...@zzzcomputing.com> wrote:

> this would suggest your Engine is not accessing the same database, or
> does not have the same permissions, as that of your PG admin session.
>
> also I would strongly advise against directly substituting variables
> into literals in SQL strings using format() as this is the source of
> SQL injection attacks.  Please use a bound parameter, e.g.:
>
> execute(text("select * from table where foo = :bar").params(bar='some bar'))
>
>
>
> On Tue, Mar 26, 2019 at 12:19 PM Scheck David <da...@sphax.it> wrote:
> >
> > Hi,
> >
> > I've a simple query like this:
> >
> >     def count_references(self, uri):
> >         sql = 'SELECT count(*) FROM (SELECT image.id, json_array_elements(image.uri_reference)::text as uri_ref FROM image) ss WHERE ss.uri_ref = \'\"{0}\"\''.format(uri)
> >         result = self.session.execute(text(sql))
> >
> > I tested it on pgadmin and all works very well, and SQLAlchemy is
> > throwing an error as:
> >
> > sqlalchemy.exc.ProgrammingError: (psycopg2.ProgrammingError) relation "image" does not exist
> >
> > LINE 1: ...ements(image.uri_reference)::text as uri_ref FROM image) ss ...
> >
> > --
> > SQLAlchemy -
> > The Python SQL Toolkit and Object Relational Mapper
> >
> > http://www.sqlalchemy.org/
> >
> > To post example code, please provide an MCVE: Minimal, Complete, and
> Verifiable Example. See http://stackoverflow.com/help/mcve for a full
> description.
> > ---
> > You received this message because you are subscribed to the Google
> Groups "sqlalchemy" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to sqlalchemy+unsubscr...@googlegroups.com.
> > To post to this group, send email to sqlalchemy@googlegroups.com.
> > Visit this group at https://groups.google.com/group/sqlalchemy.
> > For more options, visit https://groups.google.com/d/optout.

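As an added illustration of Mike's point about bound parameters (example code written for this page, not code from the thread, from David's project or from SQLAlchemy itself): David's string-formatting pattern beside the bound-parameter form, both run against a constructed in-memory table. It uses Python's standard sqlite3 module instead of an SQLAlchemy engine so that it runs without extra packages, and it drops the PostgreSQL json_array_elements() part of the query; the :uri placeholder is the same named-parameter style Mike's text("... = :bar") example uses. The table name, column names, sample rows and test inputs are all assumptions.

```python
import sqlite3

# Constructed sample data for this demonstration; not taken from the thread.
SAMPLE_ROWS = [
    ("img-1", "http://example.org/a"),
    ("img-2", "http://example.org/b"),
    ("img-3", "http://example.org/a"),
]

# A value that, if spliced into the SQL text, changes the query's meaning.
HOSTILE_INPUT = "x' OR '1'='1"
# A legitimate value that merely contains a quote character.
QUOTED_INPUT = "http://example.org/o'reilly"


def make_db():
    """Build an in-memory table (hypothetical schema) holding one uri_ref per row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE image_ref (image_id TEXT, uri_ref TEXT)")
    conn.executemany("INSERT INTO image_ref VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def count_references_formatted(conn, uri):
    """The pattern from the thread: the value is pasted into the SQL string.

    Whatever the caller passes becomes part of the statement's grammar, so a
    quote inside the input ends the literal early and the remainder is parsed
    as SQL.
    """
    sql = "SELECT count(*) FROM image_ref WHERE uri_ref = '{0}'".format(uri)
    return conn.execute(sql).fetchone()[0]


def count_references_bound(conn, uri):
    """The pattern Mike recommends: ':uri' stays a placeholder in the SQL text.

    The statement is sent with the placeholder in place and the value travels
    separately, so the value is only ever compared as data, never parsed.
    """
    sql = "SELECT count(*) FROM image_ref WHERE uri_ref = :uri"
    return conn.execute(sql, {"uri": uri}).fetchone()[0]


def compare(uri):
    """Run both variants on the same input.

    Returns the two counts; when the formatted statement does not even parse,
    its entry is the error text instead of a number.
    """
    conn = make_db()
    try:
        formatted = count_references_formatted(conn, uri)
    except sqlite3.Error as exc:
        formatted = "error: {0}".format(exc)
    bound = count_references_bound(conn, uri)
    return {"formatted": formatted, "bound": bound}


if __name__ == "__main__":
    for label, value in [("normal", "http://example.org/a"),
                         ("hostile", HOSTILE_INPUT),
                         ("quoted", QUOTED_INPUT)]:
        print(label, compare(value))
```

For the normal input both variants agree on a count of 2. For the hostile input the formatted statement becomes WHERE uri_ref = 'x' OR '1'='1', which is true for every row, while the bound version looks for a uri_ref literally equal to that string and finds none. For the legitimate value with an apostrophe the formatted statement fails to parse and the bound version simply returns 0, which is the behaviour you want in both the security and the correctness sense.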