2

i feel like this is a stupid question but i can't find anything anywhere.

I want to build an SQL query using psycopg2 where the user specifies the sort / order by column.. client-side its a javascript grid of data offering sorting / paging etc.

normal substitution practice doesn't work: (note the E'xx')

cur.mogrify('select * from table offset %s limit %s order by %s', [0,5,'sort_column'])
>>> "select * from table offset 0 limit 5 order by E'sort_column'"

short of cleansing / substituting the order by clause in myself, what is the recommended way to do this ?

am i a duplicate of: psycopg2 E' on table, field and schema ?

cheers

-i

Improve this question
0

1 Answer 1

Reset to default
2

Entity names (tables/columns etc...) in Python's DBAPI shouldn't be run through any place holder processing as variables are supposed to be. You will have to do your own formatting:

'select * from table offset %s limit %s order by %s' % (0,5,'sort_column')

But do use the proper escaping/placeholder functions for WHERE var = %s etc...

Improve this answer
1
  • ok thanks.. if that's the way it is then that's the way it is. Commented Jul 19, 2012 at 16:23

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.