def getquoted(self):
    """Render the wrapped sequence as a parenthesised, comma-separated SQL list.

    Every element of ``self._seq`` is adapted with ``psycoadapt`` and the
    string form of that adapter's ``getquoted()`` result becomes one item of
    the list, so each value is quoted by the adapter for its own type.
    """
    # NOTE(review): the element adapters are asked for their quoted form
    # without prepare(conn) being called on them in this method, so the
    # quoting cannot take a connection's encoding into account -- confirm
    # that is acceptable for the callers.
    # NOTE(review): str() assumes getquoted() hands back a native string; if
    # it returns bytes, each piece would carry a b'...' wrapper -- confirm the
    # interpreter version this is meant to run on.
    quoted_items = (str(psycoadapt(item).getquoted()) for item in self._seq)
    return '(%s)' % ', '.join(quoted_items)
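def post(self, convo_id):
    """Create a suggestion for conversation ``convo_id`` from the JSON body.

    Reads ``suggestion`` from the request JSON, validates it, inserts a row
    into ``suggestions`` for the current user and returns the inserted row
    (with ``username`` added) together with HTTP 201. When validation fails a
    JSON error document is returned instead.

    The INSERT binds its values through the driver's parameter mechanism
    rather than formatting them into the statement text. The previous form
    interpolated ``convo_id`` and the user id unquoted, so any non-numeric
    text in them became part of the SQL statement.
    """
    json_dict = request.get_json()
    suggestion = json_dict['suggestion']

    # The validator is still given the quoted literal, exactly as before.
    # NOTE(review): its length therefore counts the surrounding quotes and any
    # doubled escape characters -- confirm validate_suggestion() expects the
    # quoted form and not the raw text.
    quoted_for_validation = psycoadapt(suggestion).getquoted()

    if validate_suggestion(quoted_for_validation) == True:
        with get_db() as cur:
            # Placeholders plus a parameter tuple: the driver quotes each
            # value, so request data can no longer alter the query's shape.
            cur.execute(
                """INSERT INTO suggestions( user_id, convo_id, suggestion ) SELECT %s,%s, %s RETURNING row_to_json(suggestions.*);""",
                (str(current_user.id), str(convo_id), suggestion),
            )
            cur.connection.commit()
            res = cur.fetchone()
            res[0]['username'] = current_user.username
            return res[0], 201
    else:
        error_dict = dict()
        error_dict['suggestion'] = ["Suggestions must be between 1 and 300 characaters."]
        return jsonify(**error_dict)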
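def post(self):
    """Register a new user from the JSON request body.

    The body is loaded through ``UserSchema``; schema errors are returned as
    JSON. If the username is free, the password is hashed and a row is
    inserted into ``users``; the response is an empty body with HTTP 201.

    The INSERT binds the username and the password hash as parameters rather
    than formatting them into the statement, so quoting is done by the driver
    for both values (the hash was previously wrapped in hand-written quotes).
    """
    json_dict = request.get_json()
    data, errors = UserSchema().load(json_dict)
    if errors:
        return jsonify(**errors)

    with get_db() as cur:
        # UserByName() is still handed the quoted literal it received before.
        # NOTE(review): that suggests the helper builds its query by string
        # formatting -- confirm, and move it to bound parameters as well.
        quoted_username = psycoadapt(data['username']).getquoted()
        if UserByName(quoted_username) is not None:
            error_dict = {'username': ['Username is already being used.']}
            return jsonify(**error_dict)

        # NOTE(review): two concurrent requests can both pass the check above;
        # confirm users.username carries a UNIQUE constraint as the real guard.
        password_hash = generate_password_hash(data['password'])
        cur.execute(
            "INSERT INTO users(username, password) SELECT %s, %s;",
            (data['username'], password_hash),
        )
        cur.connection.commit()
        return '', 201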
pass  # tail of a definition that begins before this excerpt

def getquoted(self):
    """Return the sequence as an SQL list: ``(item, item, ...)``.

    Each member of ``self._seq`` is adapted on its own and contributes the
    string form of its adapter's ``getquoted()`` result.
    """
    # The key step: adapt every member, then ask the adapter for its quoted
    # form, so strings are quoted and numbers are not.
    # NOTE(review): str() assumes getquoted() returns a native string; if it
    # returns bytes, each piece would carry a b'...' wrapper -- confirm.
    pieces = []
    for member in self._seq:
        adapter = psycoadapt(member)
        pieces.append(str(adapter.getquoted()))
    return '(' + ', '.join(pieces) + ')'

# str() on the adapter gives the same text as getquoted().
__str__ = getquoted

# Register the adapters. register_adapter() changes adaptation for the whole
# process, not just for one connection.
# AsIs writes the value's str() into the statement with no quoting, so it is
# only appropriate for types whose text form is always a valid SQL literal.
register_adapter(tuple, SQL_IN)
register_adapter(float, AsIs)
register_adapter(int, AsIs)

# With a database available the adapter would be exercised through a cursor:
#
#   conn = psycopg.connect("...")
#   curs = conn.cursor()
#   curs.execute("SELECT ...", (("this", "is", "the", "tuple"),))
#
# No connection exists here, so the demo calls adapt() directly instead.
if __name__ == '__main__':
    print("Note how the string will be SQL-quoted, but the number will not:")
    print(psycoadapt(("this is an 'sql quoted' str\\ing", 1, 2.0)))
pass  # end of a definition whose start is outside this excerpt

def getquoted(self):
    """Build the ``(a, b, c)`` SQL fragment for the wrapped sequence.

    Elements of ``self._seq`` are adapted one by one; the string form of each
    adapter's ``getquoted()`` output is joined with ``', '``.
    """
    # Adapting each element individually is what lets strings come out
    # SQL-quoted while numbers stay bare.
    # NOTE(review): the element adapters are not prepare()d against a
    # connection in this method, so quoting is done without knowledge of a
    # connection's encoding -- confirm that is intended.
    rendered = map(lambda element: str(psycoadapt(element).getquoted()), self._seq)
    return '(' + ', '.join(rendered) + ')'

# Printing the adapter shows the quoted text.
__str__ = getquoted

# Hook the adapters into psycopg's adapter table. The registration applies
# to the whole process. AsIs emits str(value) unquoted, which is suitable only
# when that text is always a valid SQL literal.
register_adapter(tuple, SQL_IN)
register_adapter(float, AsIs)
register_adapter(int, AsIs)

# Normal use goes through a cursor:
#
#   conn = psycopg.connect("...")
#   curs = conn.cursor()
#   curs.execute("SELECT ...", (("this", "is", "the", "tuple"),))
#
# This script has no database connection, so it checks SQL_IN by calling
# psycopg's adapt() directly.
if __name__ == '__main__':
    print "Note how the string will be SQL-quoted, but the number will not:"
    print psycoadapt(("this is an 'sql quoted' str\\ing", 1, 2.0))
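def _pg_escape_term(term):
    """Return ``term`` as a quoted SQL literal, or ``None`` when it is ``None``.

    The term is first passed through ``Searcher._pg_wrap_multiword_term`` and
    the result is adapted with ``psycoadapt``; the adapter's ``getquoted()``
    output is returned.
    """
    # Identity test: ``== None`` would invoke a custom __eq__ on the term.
    if term is None:
        return None
    # NOTE(review): a quoted literal is only needed when the SQL text is built
    # by string formatting; binding the wrapped term as a query parameter
    # would leave the quoting to the driver. The adapter is also not
    # prepare()d against a connection here -- confirm the callers.
    wrapped = Searcher._pg_wrap_multiword_term(term)
    return psycoadapt(wrapped).getquoted()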
def escape(self, s):
    """Return ``s`` as an SQL-quoted literal string.

    ``unicode`` input is encoded to UTF-8 first; the value is then converted
    with ``str()``, adapted with ``psycoadapt`` and formatted to text.
    """
    # NOTE(review): the adapter is formatted without prepare(conn), so the
    # quoting is not tied to a connection's encoding -- where the caller can
    # pass query parameters instead, that avoids manual escaping entirely.
    raw = s.encode('utf-8') if isinstance(s, unicode) else s
    adapted = psycoadapt(str(raw))
    return '%s' % adapted