
Re: Change in datetime type casting

From: Federico Di Gregorio <fog(at)dndg(dot)it>
To: psycopg(at)postgresql(dot)org
Subject: Re: Change in datetime type casting
Date: 2012-06-29 15:22:06
Message-ID: 4FEDC81E.6080706@dndg.it
Lists: psycopg

On 29/06/12 17:10, Adrian Klaver wrote:
>>>
>>> Is there a possibility it could find its way into psycopg2 proper?
>>
>> Using str() is wrong: at least you should use adapt() and .getquoted()
>> to avoid SQL-injection attacks.
> 
> The above was a quick and dirty hack. I am still working my way through
> the adaptation mechanism. In fact after I sent the previous, I had
> another thought:
> 
> class HstoreAdapter(object):
>     """Adapt a Python dict to the hstore syntax."""
>     def __init__(self, wrapped, stringify=False):
>         self.wrapped = wrapped
>         if stringify:
>             for k in self.wrapped:
>                 self.wrapped[k] = str(self.wrapped[k])
> 
> This would preserve present behavior in the default case. I just am not
> sure how to pass the stringify flag down through the register_hstore()
> process.

Nah, adapter can't take extra arguments. Given that what you actually
*get* from the database are just strings I agree with you that
transforming everything to string on input too is good. We can raise an
exception unless all key/values are already strings but that will put
burden on the user for no good reason.

Unless Daniele has string objections to it or beats me to the
implementation (as always) I'll push something working this weekend.

federico

-- 
Federico Di Gregorio                         federico(dot)digregorio(at)dndg(dot)it
Studio Associato Di Nunzio e Di Gregorio                  http://dndg.it
 The panda has the digestive system of a carnivore (e.g., of a bear).
  The panda has chosen to feed exclusively on bamboo shoots.
  Therefore, the panda is the only vegan animal on the planet. The panda
  deserves to go extinct.                      -- Maria, Alice, Federico
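
Added example, not part of this message and not psycopg2's own code: a pure-Python sketch of the "stringify on input" idea discussed above, showing that str() only converts values and that a separate quoting step is still needed for the hstore text syntax. The function names are hypothetical; the NULL handling and the key-collision check go beyond what the thread discusses.

```python
import datetime

# Added illustration; function names are hypothetical, not psycopg2 API.

def stringify_dict(d):
    """Return a copy of d with keys and values converted via str().

    None values are kept (hstore NULL); the caller's dict is not mutated.
    """
    out = {}
    for k, v in d.items():
        if k is None:
            raise ValueError("hstore keys cannot be NULL")
        key = str(k)
        if key in out:
            # e.g. 1 and "1" would silently collapse into one key
            raise ValueError("keys collide after str(): %r" % key)
        out[key] = None if v is None else str(v)
    return out


def quote_hstore(s):
    """Quote one key or value for hstore text syntax."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def to_hstore_literal(d):
    """Build the hstore text form; send it as one bound parameter."""
    return ", ".join(
        "%s=>%s" % (quote_hstore(k), "NULL" if v is None else quote_hstore(v))
        for k, v in stringify_dict(d).items()
    )


# Constructed sample input.
SAMPLE = {"n": 1, "when": datetime.date(2012, 6, 29),
          "note": 'a"b\\c', "who": "O'Reilly", "gone": None}

if __name__ == "__main__":
    # The single quote in "who" is left alone here: SQL-level quoting is the
    # driver's job, e.g. cur.execute("SELECT %s::hstore", (literal,)).
    print(to_hstore_literal(SAMPLE))
```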
