Closed arokosaki closed 6 years ago
What does your SQL query look like and how are you passing it to this library?
this is the query: " INSERT INTO NewswhipArticleData VALUES ('cityroom.blogs.nytimes.com','United States','http://cityroom.blogs.nytimes.com/2014/01/06/new-york-today-extreme-weather/','New York Today: Extreme Weather',':What you need to know for Monday: severe temperature drop, Three Kings Day events and the mayor speaks on pre-k.','ANDY NEWMAN','1446','425','2014-01-06T12:52:25','News','','False'); " I'm using this method Database().query()
thanks for replying (:
Records uses sqlalchemy's text()
function around for every query. This is what interprets anything starting with a colon as a bindparam, like you said.
From the sqlalchemy documentation
For SQL statements where a colon is required verbatim, as within an inline string, use a backslash to escape
t = text("SELECT * FROM users WHERE name='\:username'")
So use backslash to escape the colon. Alternatively, I would recommend using parameterization instead.
Tried the proposed escaping and it works for me. Closing.
I'm writing a db building script, I don't control the text that I write in to the db. one of the strings I tried to write in to the db contained the string ' :What ' in it. this was misinterpreted as a bind parameter, Given that it wasn't intended as such there was no value provided for it and an error was received (see bellow). Is there some way to escape the colon so it doesn't get misinterpreted?
the error:
sqlalchemy.exc.StatementError: (sqlalchemy.exc.InvalidRequestError) A value is required for bind parameter 'What' [SQL: "INSERT INTO NewswhipArticleData VALUES ('cityroom.blogs.nytimes.com','United States','http://cityroom.blogs.nytimes.com/2014/01/06/new-york-today-extreme-weather/','New York Today: Extreme Weather','? you need to know for Monday: severe temperature drop, Three Kings Day events and the mayor speaks on pre-k.','ANDY NEWMAN','1446','425','2014-01-06T12:52:25','News','','False');"] (Background on this error at: http://sqlalche.me/e/cd3x)