Closed Riqardos closed 7 months ago
Hi @Riqardos,
thanks for reaching out. we have some documentation improvements coming in our next release that address this. there's a slight modification needed to your code
please change
cursor.execute('CREATE SCHEMA IF NOT EXISTS %s;',("example"))
to this
cursor.execute('CREATE SCHEMA IF NOT EXISTS %s;',("example",))
note the trailing comma -- the second argument passed to execute needs to be either a tuple/list or dictionary based on which paramstyle is used.
Hi @Brooke-white
thanks for reply, I tried to add the trailing comma as you mentioned, but still getting the same issue :/
I have installed redshift-connector 2.0.915
Hey @Riqardos , I am able to reproduce this on my end. The root cause is that Redshift server does not support use of bind parameters for CREATE SCHEMA
statements.
The best suggestion I can offer at this time is to use the approach you found to work above as well as ensuring the variable storing the name of the schema comes from a trusted source/has been sanitized, as this approach is vulnerable to SQL injection. Please refer to best practices for avoiding SQL injection for more specific recommendations.
In parallel, I will work to open a feature request for bind parameter support for CREATE SCHEMA
with the Redshift server team and provide tracking information for that request in this GitHub issue.
reference: RedshiftDP-56518
Hi folks, to request prioritization for this issue I recommend to reach out to AWS Support referencing RedshiftDP-56518
Driver version
Redshift version
PostgreSQL 8.0.2 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 3.4.2 20041017 (Red Hat 3.4.2-6.fc3), Redshift 1.0.58814\x00
Client Operating System
MacOS 14.1 (23B74)
Python version
3.8
Table schema
Whatever statement with
bind_params
Problem description
Have problem running SQL statement with
bind_params
according this docsE.g. this statement
results in
but running it like this works
Python Driver trace logs
Reproduction code