| From: | Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com> |
|---|---|
| To: | psycopg(at)postgresql(dot)org |
| Subject: | Re: Change in datetime type casting |
| Date: | 2012-06-29 15:10:33 |
| Message-ID: | 4FEDC569.4010006@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | psycopg |
On 06/29/2012 07:59 AM, Federico Di Gregorio wrote:
> On 29/06/12 16:51, Adrian Klaver wrote:
>>> If writing a date in and reading a string out is enough for your
>>> application, you can easily write your own specialized hstore adapter
>>> based on the code in extras.py.
>> and
>> The following change in extras.py solves the problem for dates and other
>> non string types.:
>>
>> class HstoreAdapter(object):
>> """Adapt a Python dict to the hstore syntax."""
>> def __init__(self, wrapped):
>> self.wrapped = wrapped
>> for k in self.wrapped: <--
>> self.wrapped[k] = str(self.wrapped[k]) <--
>>
>> Is there a possibility it could find its way into psycopg2 proper?
>
> Using str() is wrong: at least you should use adapt() and .getquoted()
> to avoid SQL-injection attacks.
The above was a quick and dirty hack. I am still working my way through
the adaptation mechanism. In fact after I sent the previous, I had
another thought:
class HstoreAdapter(object):
"""Adapt a Python dict to the hstore syntax."""
def __init__(self, wrapped, stringify=False):
self.wrapped = wrapped
if stringify:
for k in self.wrapped:
self.wrapped[k] = str(self.wrapped[k])
This would preserve present behavior in the default case. I just am not
sure how to pass the stringify flag down through the register_hstore()
process.
>
> But I think that adding something like that would be fine. Daniele?
>
> federico
>
--
Adrian Klaver
adrian(dot)klaver(at)gmail(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Federico Di Gregorio | 2012-06-29 15:22:06 | Re: Change in datetime type casting |
| Previous Message | Adrian Klaver | 2012-06-29 15:06:52 | Re: Change in datetime type casting |