/ - Diff - BIEN 3 - NCEAS Projects

« Previous | Next »

Revision 2077

sql.py: Added clean_name(). Use it where needed to make an escaped name appendable as a string.

     ##### Input validation
     def clean_name(name): return re.sub(r'\W', r'', name)
     def check_name(name):
         if re.search(r'\W', name) != None: raise NameException('Name "'+name
             +'" may contain only alphanumeric characters and _')
-...
         if embeddable:
             # Create function
             function = 'pg_temp.'+('_'.join(['insert_returning', table] + cols))
             function = 'pg_temp.'+('_'.join(map(clean_name,
                 ['insert_returning', table] + cols)))
             return_type = 'SETOF '+table+'.'+returning+'%TYPE'
             function_query = '''\
     CREATE OR REPLACE FUNCTION '''+function+'''() RETURNS '''+return_type+'''
-...
     def put(db, table, row, pkey, row_ct_ref=None):
         '''Recovers from errors.
         Only works under PostgreSQL (uses `INSERT ... RETURNING`)'''
         Only works under PostgreSQL (uses INSERT RETURNING).
         '''
         try:
             cur = try_insert(db, table, row, pkey)
             if row_ct_ref != None and cur.rowcount >= 0:

Also available in: Unified diff