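As of Psycopg 2.7 there is the safe sql module:

    from psycopg2 import sql

    # {} is a placeholder for an SQL identifier, filled in by format()
    query = sql.SQL("alter table t add column {} text")
    row1 = ('col1', 'col2')
    for c in row1:
        # sql.Identifier quotes the column name as an SQL identifier
        cursor.execute(query.format(sql.Identifier(c)))

With 2.6 and earlier: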
Use psycopg2.extensions.AsIs, an adapter conforming to the ISQLQuote protocol, useful for objects whose string representation is already valid as an SQL representation.

    import psycopg2
    from psycopg2.extensions import AsIs

    conn = psycopg2.connect("host=localhost4 port=5432 dbname=cpn")
    cursor = conn.cursor()
    query = "alter table t add column %s text"
    row1 = ('col1', 'col2')
    for c in row1:
        # AsIs passes the string into the statement without any quoting
        cursor.execute(query, (AsIs(c),))
    conn.commit()
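The difference between the two approaches matters once a column name is not a hard-coded literal: AsIs splices the string in unquoted, while sql.Identifier quotes it. The following is an added example, not part of the original answer; it needs no database, its helper names (render_asis, quote_ident, render_quoted, checked_column) are hypothetical, and quote_ident is a stand-in that applies PostgreSQL's delimited-identifier rule rather than calling Psycopg.

```python
import re

TEMPLATE = "alter table t add column %s text"
# Conservative allow-list for a column name (assumption: ASCII names only,
# at most 63 characters, PostgreSQL's default identifier length limit).
_SAFE_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}\Z")


def render_asis(name):
    """Mimic AsIs: the value's str() is spliced into the statement verbatim."""
    return TEMPLATE % str(name)


def quote_ident(name):
    """Quote as a PostgreSQL delimited identifier: wrap in double quotes and
    double any embedded double quote (stand-in for sql.Identifier's quoting)."""
    if not name or "\x00" in name:
        raise ValueError("invalid identifier")
    return '"' + name.replace('"', '""') + '"'


def render_quoted(name):
    """Statement text when the column name is quoted as an identifier."""
    return TEMPLATE % quote_ident(name)


def checked_column(name):
    """Validate a column name before handing it to AsIs on Psycopg <= 2.6."""
    if not isinstance(name, str) or not _SAFE_IDENT.match(name):
        raise ValueError("rejected column name: %r" % (name,))
    return name


# Constructed sample input: one ordinary name, one carrying extra SQL.
SAMPLES = ("col1", "c int; drop table t; --")

if __name__ == "__main__":
    for s in SAMPLES:
        print("AsIs   :", render_asis(s))
        print("quoted :", render_quoted(s))
        try:
            print("checked:", render_asis(checked_column(s)))
        except ValueError as exc:
            print("checked:", exc)
```

On 2.6 and earlier, passing `AsIs(checked_column(c))` instead of `AsIs(c)` keeps the statement shape fixed even when `c` comes from outside the program.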


