Parameterized queries with psycopg2 / Python DB-API and PostgreSQL

by

psycopg2 follows the rules for DB-API 2.0 (set down in PEP-249). That means you can call execute method from your cursor object and use the pyformat binding style, and it will do the escaping for you. For example, the following should be safe (and work):

cursor.execute("SELECT * FROM student WHERE last_name = %(lname)s", 
               {"lname": "Robert'); DROP TABLE students;--"})

More Related Contents:

  1. psycopg2: insert multiple rows with one query
  2. Passing table name as a parameter in psycopg2
  3. DatabaseError: current transaction is aborted, commands ignored until end of transaction block?
  4. error installing psycopg2, library not found for -lssl
  5. Error: pg_config executable not found when installing psycopg2 on Alpine in Docker
  6. How to set up a PostgreSQL database in Django
  7. psycopg2.OperationalError: FATAL: unsupported frontend protocol 1234.5679: server supports 2.0 to 3.0
  8. Psycopg2 image not found
  9. Error Installing Psycopg2 on MacOS 10.9.5
  10. sqlalchemy.exc.NoSuchModuleError: Can’t load plugin: sqlalchemy.dialects:postgres
  11. Create a Postgres database using python
  12. Python/postgres/psycopg2: getting ID of row just inserted
  13. Escape SQL “LIKE” value for Postgres with psycopg2
  14. How to set connection timeout in SQLAlchemy
  15. Mac + virtualenv + pip + postgresql = Error: pg_config executable not found
  16. “Failed building wheel for psycopg2” – MacOSX using virtualenv and pip
  17. Psycopg2, Postgresql, Python: Fastest way to bulk-insert
  18. Insert Python Dictionary using Psycopg2
  19. Use binary COPY table FROM with psycopg2
  20. How Postgresql COPY TO STDIN With CSV do on conflic do update?
  21. Executing multiple statements with Postgresql via SQLAlchemy does not persist changes
  22. Use Django ORM as standalone [duplicate]
  23. Django connection to postgres by docker-compose
  24. Import psycopg2 Library not loaded: libssl.1.0.0.dylib
  25. How can I use psycopg2.extras in sqlalchemy?
  26. python pip install psycopg2 install error
  27. Creating partial unique index with sqlalchemy on Postgres
  28. Filling Many2many field (odoo 8)
  29. SQLAlchemy func.count on boolean column
  30. Django-DB-Migrations: cannot ALTER TABLE because it has pending trigger events

Leave a Comment