Open jaidisido opened 1 year ago
Hi @jaidisido, thank you for raising this issue. I took a look at pg8000's readme for this feature and agree this looks like a nice usability improvement. I will discuss adding this feature to our team's roadmap in our upcoming roadmap meeting next week. I'll update here with next steps.
The Redshift connector currently supports parameterised queries (aka bind variables), which is great.
However, some of our use cases require other parts of a Redshift SQL query to be dynamically created. These include components such as the table name, the schema... and are commonly referred to as Identifiers. For example:
f"SELECT * FROM {schema}.{table}"
Other libraries such as pg8000 and psycopg have developed modules to escape these variables via identifiers.
Beyond usability, the main advantage of this approach is that it helps with SQL injection attacks.
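The identifier escaping requested above, sketched as an added example that is not part of the original issue and is not code from redshift_connector, pg8000 or psycopg. The names `quote_identifier`, `build_select` and `HOSTILE_TABLE` are hypothetical, and the 127-byte limit and the `%s` placeholder style are assumptions to check against your cluster and driver settings.

```python
# Assumed Redshift identifier length limit in bytes; verify for your environment.
MAX_IDENTIFIER_BYTES = 127


def quote_identifier(name: str) -> str:
    """Return `name` as a delimited (double-quoted) SQL identifier.

    Embedded double quotes are doubled so the value cannot close the
    quoted identifier and continue as SQL text.
    """
    if not isinstance(name, str):
        raise TypeError("identifier must be a str")
    if not name:
        raise ValueError("identifier must not be empty")
    if "\x00" in name:
        raise ValueError("identifier must not contain a NUL character")
    if len(name.encode("utf-8")) > MAX_IDENTIFIER_BYTES:
        raise ValueError("identifier is too long")
    return '"' + name.replace('"', '""') + '"'


def build_select(schema: str, table: str, column: str, value):
    """Build (sql, params): identifiers are quoted, the value stays a bind variable."""
    sql = (
        f"SELECT * FROM {quote_identifier(schema)}.{quote_identifier(table)} "
        f"WHERE {quote_identifier(column)} = %s"
    )
    return sql, (value,)


# Constructed sample input: a table name carrying a quote and extra SQL.
HOSTILE_TABLE = 'users"; DROP TABLE audit; --'

if __name__ == "__main__":
    # Plain f-string interpolation, as in the issue: the input becomes SQL text.
    print(f"SELECT * FROM public.{HOSTILE_TABLE}")
    # Quoted form: the whole input is one (nonexistent) table name.
    sql, params = build_select("public", HOSTILE_TABLE, "id", 7)
    print(sql, params)
    # With a DB-API cursor this would be passed as cursor.execute(sql, params).
```

Quoting only makes the name syntactically inert; restricting which schemas and tables a caller may reach still needs an allow-list or database permissions.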