Safely Specifying 'order By' Clause From User Input In Python / Postgresql / Psycopg2
I feel like this is a stupid question but I can't find anything anywhere. I want to build an SQL query using psycopg2 where the user specifies the sort / order by column.. client-s
Solution 1:
Entity names (tables/columns etc...) in Python's DBAPI shouldn't be run through any place holder processing as variables are supposed to be. You will have to do your own formatting:
'select * from table order by %s offset %s limit %s' % ('sort_column', 0, 5)  # ORDER BY must come before OFFSET/LIMIT in PostgreSQL
But do use the proper escaping/placeholder functions for WHERE var = %s etc...
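A safe way to do the "own formatting" the answer describes, as an added example that is not part of the original answer: map client-supplied sort keys to real column names through an allowlist, quote the identifier, and pass offset/limit as ordinary %s parameters. The table and column names are assumptions; in real code psycopg2.sql.Identifier can replace quote_ident.

```python
# Added example (not from the original post): validate a user-supplied sort
# column and direction against an allowlist, then build the query so that only
# OFFSET/LIMIT values go through psycopg2's %s placeholders. The table and
# column names below are assumptions; replace them with your own schema.

# Names the client may send -> real column names in the table.
SORTABLE_COLUMNS = {
    "name": "full_name",
    "created": "created_at",
    "price": "unit_price",
}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def quote_ident(name):
    """Double-quote a PostgreSQL identifier (the same rule psycopg2.sql.Identifier applies)."""
    return '"' + name.replace('"', '""') + '"'


def validate_sort(column, direction="asc"):
    """Return (real_column, direction) or raise ValueError for anything not allowlisted."""
    try:
        real = SORTABLE_COLUMNS[column]
    except KeyError:
        raise ValueError("unsupported sort column: %r" % (column,))
    try:
        dir_kw = DIRECTIONS[str(direction).lower()]
    except KeyError:
        raise ValueError("unsupported sort direction: %r" % (direction,))
    return real, dir_kw


def build_query(table, column, direction="asc", offset=0, limit=50):
    """Build (sql, params) for cursor.execute(); only values go in params.

    `table` is chosen by application code, never taken from the client.
    """
    real, dir_kw = validate_sort(column, direction)
    # ORDER BY must precede OFFSET/LIMIT in PostgreSQL; %%s becomes the %s
    # placeholder that psycopg2 fills from params.
    query = "SELECT * FROM %s ORDER BY %s %s OFFSET %%s LIMIT %%s" % (
        quote_ident(table), quote_ident(real), dir_kw)
    return query, (int(offset), int(limit))


if __name__ == "__main__":
    # Usage: sql, params = build_query(...); cur.execute(sql, params)
    print(build_query("products", "price", "desc", 0, 5))
```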