表,字段和模式上的psycopg2 E' [英] psycopg2 E' on table, field and schema
问题描述
我遇到了与以下问题相同的问题:
python添加 E;
给出的所有答案都是相关的,但我对此很不满意。
问题在于psycopg2不仅转义了值,而且还转义了架构,表和列名,如下所示:
创建表E'Tablename '(E'identificatie'VARCHAR(16))
这根本不应该!我怎样才能摆脱表名和列的E和'',却保留它们的字段值?
替代方法
'CREATE TABLE'+ tablename +'('+字段名...%
使它再次容易受到sql注入的攻击。</ p>
卡在岩石和坚硬的地方之间。
不管是好是坏,Python接口和Psycopg通常不支持,尤其是将用户提供的标识符替换为SQL命令。必须自己动手。只需用几行代码即可完成。
I am having the same problem as: python adds "E" to string
All the answers given are relevant, but I am breaking my neck on this one.
The problem is that psycopg2 not only escapes values, but also schema, table and column names like this:
CREATE TABLE E'Tablename' (E'identificatie' VARCHAR(16))
Which it simply shouldn't! How van I get rid of the E and '' for table names and columns but maintain them for field values?
the alternative
'CREATE TABLE ' + tablename + ' (' + fieldname... %
makes it vulnerable to sql injection all over again.
Stuck between a rock and a hard place..
It is, for better or worse, generally not supported by the Python interfaces and Psycopg in particular to substitute user-supplied identifiers into SQL commands. You will have to roll your own. It can be done with a few lines of code.
这篇关于表,字段和模式上的psycopg2 E'的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
