Open koshak01 opened 1 year ago
Perhaps OP would like to consider SQL injection in their request.
You can use https://pypi.org/project/sqlparams/ to convert from any preferred style into the numeric dollar style. E.g.
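```python
import sqlparams

# Convert named pyformat placeholders into numeric dollar placeholders ($1, $2, ...).
query = sqlparams.SQLParams("pyformat", "numeric_dollar")
fmt_qry, args = query.format("SELECT company FROM company WHERE approved = %(approved)s", {"approved": True})
...
# The values are passed separately from the SQL text, as bound parameters.
value = await cursor.fetchrow(fmt_qry, *args)
```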
Like this: "SELECT company FROM company WHERE approved=%(approved)s"
Not this: SELECT company FROM company WHERE approved = ${approved}
Not this: SELECT company FROM company WHERE approved = $1
Can you make it easy? I have a lot of code, I can't rewrite all my code :(
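As an added example (not from the thread, and not sqlparams' own code), the stdlib-only code below performs the same kind of conversion the sqlparams reply describes, so existing pyformat queries can stay as written while values still travel as bound parameters rather than being spliced into the SQL text. `pyformat_to_dollar` and `PyformatConnection` are hypothetical names, and the wrapped connection is assumed to expose an asyncpg-style `fetchrow(query, *args)`.

```python
import re

# Matches an escaped "%%" or a named pyformat placeholder "%(name)s".
TOKEN = re.compile(r"%%|%\((\w+)\)s")


def pyformat_to_dollar(sql, params):
    """Return (sql_with_dollar_placeholders, args) for a pyformat query and a dict."""
    position = {}  # parameter name -> 1-based index of its $n placeholder
    args = []

    def replace(match):
        name = match.group(1)
        if name is None:
            return "%"  # "%%" is the pyformat escape for a literal percent sign
        if name not in params:
            raise KeyError(f"query uses %({name})s but no value was supplied")
        if name not in position:
            # First use of this name: append its value and remember the index,
            # so a repeated name reuses the same $n.
            args.append(params[name])
            position[name] = len(args)
        return f"${position[name]}"

    return TOKEN.sub(replace, sql), args


class PyformatConnection:
    """Hypothetical wrapper: accepts pyformat queries, forwards $n queries."""

    def __init__(self, conn):
        # Assumption: conn has an asyncpg-style coroutine fetchrow(query, *args).
        self._conn = conn

    async def fetchrow(self, sql, params=None):
        query, args = pyformat_to_dollar(sql, params or {})
        # Values are never formatted into the query string; the driver binds them.
        return await self._conn.fetchrow(query, *args)
```

Positional `%s` placeholders are not handled here and pass through unchanged.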