How to properly escape strings when manually building SQL queries in SQLAlchemy?

前端 未结 4 1039
我在风中等你
我在风中等你 2021-02-14 15:29

I am using SQLAlchemy to connect to different databases in Python, but not with the ORM support as this cannot be implemented due to several reasons.

Mainly I do build a

4条回答
  •  野的像风
    2021-02-14 16:10

    In cases where one must explicitly escape a string, and the standard tools don't align with the requirement, you can ask SQLAlchemy to escape using an engine's dialect.

    import sqlalchemy
    
    
    engine = sqlalchemy.create_engine(...)
    sqlalchemy.String('').literal_processor(dialect=engine.dialect)(value="untrusted value")
    

    In my case, I needed to dynamically create a database (sqlalchemy-utils has this functionality but it failed in my case) according to user input.

提交回复
热议问题