Hi Mike,

In the above example, do the text and params help to protect from SQL injection attacks?
On Tue, Mar 26, 2019, 11:04 PM Mike Bayer <mike...@zzzcomputing.com> wrote:

> this would suggest your Engine is not accessing the same database, or
> does not have the same permissions, as that of your PG admin session.
>
> also I would strongly advise against directly substituting variables
> into literals in SQL strings using format() as this is the source of
> SQL injection attacks. Please use a bound parameter, e.g.:
>
> execute(text("select * from table where foo = :bar").params(bar='some bar'))
>
> On Tue, Mar 26, 2019 at 12:19 PM Scheck David <da...@sphax.it> wrote:
> >
> > Hi,
> >
> > I've a simple query as this :
> >
> > def count_references(self, uri):
> >     sql = 'SELECT count(*) FROM (SELECT image.id, json_array_elements(image.uri_reference)::text as uri_ref FROM image) ss WHERE ss.uri_ref = \'\"{0}\"\''.format(uri)
> >     result = self.session.execute(text(sql))
> >
> > I tested it on pgadmin and all works very good. and SQLAlchemy is throwing an error as :
> >
> > sqlalchemy.exc.ProgrammingError: (psycopg2.ProgrammingError) relation "image" does not exist
> >
> > LINE 1: ...ements(image.uri_reference)::text as uri_ref FROM image) ss ...
> >
> > --
> > SQLAlchemy -
> > The Python SQL Toolkit and Object Relational Mapper
> >
> > http://www.sqlalchemy.org/
> >
> > To post example code, please provide an MCVE: Minimal, Complete, and Verifiable Example. See http://stackoverflow.com/help/mcve for a full description.
> > ---
> > You received this message because you are subscribed to the Google Groups "sqlalchemy" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to sqlalchemy+unsubscr...@googlegroups.com.
> > To post to this group, send email to sqlalchemy@googlegroups.com.
> > Visit this group at https://groups.google.com/group/sqlalchemy.
> > For more options, visit https://groups.google.com/d/optout.
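Added example, not part of the original thread and not SQLAlchemy's own code: the format() pattern and the bound-parameter pattern discussed above, run side by side against the same rows. It uses the standard library's sqlite3 driver in place of SQLAlchemy and PostgreSQL so it runs without a server; the `:uri_ref` placeholder is the same named style as `:bar` in the quoted text() call, and the table `image_ref`, the function names and all sample values are constructed for illustration.

```python
import sqlite3

# Constructed sample data: uri_ref holds the JSON text form (with double
# quotes), mirroring json_array_elements(...)::text in the thread's query.
ROWS = [
    (1, '"http://example.org/a"'),
    (2, '"http://example.org/a"'),
    (3, '"http://example.org/b"'),
    (4, '"http://example.org/o\'brien"'),
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE image_ref (image_id INTEGER, uri_ref TEXT)")
    conn.executemany("INSERT INTO image_ref VALUES (?, ?)", ROWS)
    return conn

def count_formatted(conn, uri):
    # 'Before' pattern from the thread: the value is pasted into the SQL text,
    # so a quote inside uri ends the literal and the rest is parsed as SQL.
    sql = "SELECT count(*) FROM image_ref WHERE uri_ref = '\"{0}\"'".format(uri)
    return conn.execute(sql).fetchone()[0]

def count_bound(conn, uri):
    # Bound parameter: the statement text is fixed; the value travels
    # separately and is only ever compared as data.
    sql = "SELECT count(*) FROM image_ref WHERE uri_ref = :uri_ref"
    return conn.execute(sql, {"uri_ref": '"{0}"'.format(uri)}).fetchone()[0]

# Constructed input whose quote characters rewrite the WHERE clause when
# the value is formatted into the statement.
HOSTILE = "x\"' OR 1=1 --"

if __name__ == "__main__":
    conn = make_db()
    print("formatted:", count_formatted(conn, HOSTILE))  # matches every row
    print("bound:    ", count_bound(conn, HOSTILE))      # matches nothing
    # A legitimate value with an apostrophe breaks the formatted query too.
    try:
        count_formatted(conn, "http://example.org/o'brien")
    except sqlite3.OperationalError as exc:
        print("formatted, apostrophe:", exc)
    print("bound, apostrophe:", count_bound(conn, "http://example.org/o'brien"))
```
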