I am having the same problem as: python adds "E" t开发者_JAVA技巧o string
All the answers given are relevant, but I am breaking my neck on this one.
The problem is that psycopg2 not only escapes values, but also schema, table and column names like this:
CREATE TABLE E'Tablename' (E'identificatie' VARCHAR(16))
Which it simply shouldn't! How van I get rid of the E and '' for table names and columns but maintain them for field values?
the alternative
'CREATE TABLE ' + tablename + ' (' + fieldname... %
makes it vulnerable to sql injection all over again.
Stuck between a rock and a hard place..
It is, for better or worse, generally not supported by the Python interfaces and Psycopg in particular to substitute user-supplied identifiers into SQL commands. You will have to roll your own. It can be done with a few lines of code.
Ok, thanks Peter, at least I know not to look any further. I decided to take a different approach:
Use a script file to generate the database instead of generating it from code. This will make it more easy to have "versioning" on the database.
Meanwhile, I am taking a look at sqlalchemy http://www.sqlalchemy.org/ which pretty much does what I want but is currently a step to far as it requires a drastic restructure of the application I am rebuilding
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论