堆栈内存溢出
  简体   繁体   English

使用psycopg2将列名作为参数传递给PostgreSQL

[英]Pass column name as parameter to PostgreSQL using psycopg2

 原文  2014-12-04 09:04:08       python/ sql/ postgresql/ parameters/ psycopg2

问题描述

I'm trying to add columns to a table using psycopg2 我正在尝试使用psycopg2将列添加到表中

row1 below is a list of column names to be added to the table. 下面的row1是要添加到表中的列名的列表。 I can do it manually but when I try to do it programatically I get an error. 我可以手动进行操作,但是当我尝试以编程方式进行操作时,出现错误。 

for c in row1:
    cur.execute("ALTER TABLE HHV2PUB ADD COLUMN %s text", (c,))

The error is: 错误是: 

    cur.execute("ALTER TABLE HHV2PUB ADD COLUMN %s text", (c,))
psycopg2.ProgrammingError: syntax error at or near "'HOUSEID'"
LINE 1: ALTER TABLE HHV2PUB ADD COLUMN 'HOUSEID' text

My guess is that it has something to do with the single quotes '' 我的猜测是它与单引号有关''

2 个解决方案

解决方案1
 20 已采纳  2014-12-04 10:24:05

As of Psycopg 2.7 there is the safe sql module : 从Psycopg 2.7开始,有安全的sql模块 

from psycopg2 import sql

query = sql.SQL("alter table t add column {} text")

row1 = ('col1', 'col2')
for c in row1:
    cursor.execute(query.format(sql.Identifier(c)))

With 2.6 and earlier: 使用2.6及更早版本:

Use psycopg2.extensions.AsIs 使用psycopg2.extensions.AsIs

Adapter conform to the ISQLQuote protocol useful for objects whose string representation is already valid as SQL representation. 适配器符合ISQLQuote协议,该协议对字符串表示形式已作为SQL表示形式有效的对象很有用。 

import psycopg2
from psycopg2.extensions import AsIs

conn = psycopg2.connect("host=localhost4 port=5432 dbname=cpn")
cursor = conn.cursor()

query = "alter table t add column %s text"

row1 = ('col1', 'col2')
for c in row1:
    cursor.execute(query, (AsIs(c),))
conn.commit()

解决方案2
 6  2014-12-04 09:06:59

You cannot use SQL parameters for SQL object names . 您不能将SQL参数用于SQL对象名称 SQL parameters quote values explicitly so that they cannot be interpreted as such; SQL参数显式引用值,以使它们不能被这样解释; that is one of the major reasons to use SQL parameters otherwise . 这是否则使用SQL参数的主要原因之一。

You'll have to use string interpolation here. 您必须在这里使用字符串插值。 Be extremely careful that you are not using user input to produce c here: 要特别小心 ,不要在此处使用用户输入生成c 

for c in row1:
    cur.execute("ALTER TABLE HHV2PUB ADD COLUMN %s text" % c)

Psycopg2 does give you a method to mark parameters as 'already escaped' with psycopg2.extensions.AsIs() , but the intention is for this to be used on already escaped data instead. Psycopg2确实为您提供了一种使用psycopg2.extensions.AsIs()将参数标记为“已经转义”的方法,但其目的是将其用于已转义的数据

A much better idea is to use the psycopg2.sql extension to manage correct identifier escaping: 一个更好的主意是使用psycopg2.sql扩展名来管理正确的标识符转义: 

from psycopg2 import sql

for c in row1:
    cur.execute(
        sql.SQL("ALTER TABLE HHV2PUB ADD COLUMN {} text").format(
            sql.Identifier(c)))

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用psycopg2将值从熊猫系列传递到PostgreSQL查询 - Pass values from a pandas Series to PostgreSQL query using psycopg2 无法使用 psycopg2 将日期时间对象传递到 postgresql - Not able to pass datetime object into postgresql using psycopg2 使用 psycopg2 删除名称中带有引号的 postgreSQL 表 - drop postgreSQL table with Quotation Marks in name using psycopg2 Postgresql:如何使用psycopg2将表中的列复制到另一个? - Postgresql: how to copy a column from a table to another using psycopg2? 使用python,psycopg2和PostgreSQL直接引用python中的列名 - Direct reference of column names in python using python, psycopg2, and postgresql 当对psycopg2使用.format时,它会将其读取为列名,但使用%不会出现问题 - When using .format for psycopg2 it reads it as a column name but no issue using % psycopg2 期待 postgresql 中串行列的数据 - psycopg2 expecting data for serial column in postgresql 在 psycopg2 中将表名作为参数传递 - Passing table name as a parameter in psycopg2 无法为查询 psycopg2 传递表名 - Unable to Pass in Table Name for Query psycopg2 使用Psycopg2的Pandas DataFrame到PostgreSQL - Pandas DataFrame to PostgreSQL using Psycopg2
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM