5

I have a simple table (named test) as: 

id     | integer                
name   | character varying(100) 
intval | integer

When I try to use prepare statement to update the name like this in python. (I am using python-pgsql http://pypi.python.org/pypi/python-pgsql/)

>>> for i in db.execute("select * from test"): print i
...
(1, 'FOO', None)
>>> query = "UPDATE test set name = '$1' where name = '$2'"
>>> cu.execute(query, "myname", "FOO")
Traceback (most recent call last):
  File "<input>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/pgsql.py", line 119, in execute
    ret = self._source.execute(operation, params)
ProgrammingError: ERROR:  could not determine data type of parameter $1

The demo file for the module can be seen at http://sprunge.us/VgLY?python.

Improve this question

1 Answer 1

Reset to default
16

I'm guessing that it could be your single quotes around $1 and $2 inside your string. In the main changes from PYGresql it says that:

  • support for bind parameters, alleviating the need for extensive, expensive and vulnerable quoting of user-supplied data

So I'm assuming the single quotes are overloading the string with too many quotes, or just breaking the parser in python-pgsql.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.