Open tomasfarias opened 4 years ago
I like the idea of the | identifier
filter, this is a good feature to have.
I think the db_engine
is also a good parameter. We could use db_engine
to also choose the right param_style
, and also use it to enable / disable certain database specific features. For example, postgres allows you to bind a list / dictionary, but other databases do not allow it.
So yes, I think this could be a good feature. I would be happy to take in a pull request!
Thanks for the input! I'll try to get a PR going for the weekend.
@sripathikrishnan @tomasfarias would love use this feature. will this be merged anytime soon?
PR has been awaiting review for a few months now. I have time to work on this and I am most willing to make changes to my branch if needed.
I'm revisiting this project after some time and can already think of a few potential changes to make maintenance and development easier, automatic code formatting via black being one of them. Unfortunately, it seems like it has become inactive somewhat: last release was in May 2020.
I'd also make use of this feature, and happy to help with anything that would help get it merged.
Can we template [schema].[table_name] with this library? I tried it with the current version and got a slightly unexpected result
SELECT *
FROM %s.%s
ORDER BY %s
OFFSET %s ROWS
FETCH NEXT %s ROWS ONLY
Looking at this issue with a fresh pair of eyes, some additional thoughts.
ANSI_QUOTES
, and then MySQL can also use double quotes. Since the same database can use different quote characters, this further strengthens my argument that we should not do an if condition on the db_engine.Based on this, my solution would be:
identifier_quote_character
, that defaults to double quotesidentifier
filter as discussed above, but quote on the basis of identifier_quote_characterI will try and get this out in the next few weeks. Thanks for all the help!
Currently, table names and field names can be used with the
sqlsafe
filter. Would it be possible to introduce a new filter to handle escaping for table names and field names?The motivation for this comes from a current bulk load job I'm working on which consists on a bunch of queries that all look the same except for table and schema that are fed from a configuration file. I'm currently using
psycopg2.sql
to handle escaping, but I'd prefer to remove the SQL code from the application. This would allow me to have access to Jinja features like template inheritance or tests to extend the bulk load job capabilities.psycopg2.sql
ends up usingPQescapeIdentifier
fromlibpq
to handle escaping, but we can do what the folks at diesel did and implement it ourselves (forgetting about encodings for the example).Adding something like this in
jinjasql/jinjasql/core.py
:Would allow for templates like:
To be rendered as:
Assuming a call to
prepare_query
like:j.prepare_query(template, {'table': ('my_schema', 'my_table')})
I understand this feature would be dependent on database system: this particular example would work with PostgreSQL but not with MySQL since double quotes for system identifiers are not a thing there. So the filter would need to be decorated with
contextfilter
so that adb_engine
parameter can be read from it and new environments can be added over time; really bad example:With the new attribute added to the environment:
edit: Forgot to add I'd be more than willing to implement something like this myself if it's deemed to be a good feature.