author | Steve McIntyre <steve.mcintyre@linaro.org> | 2014-11-28 18:23:47 +0000 |
---|---|---|
committer | Steve McIntyre <steve.mcintyre@linaro.org> | 2014-11-28 18:23:47 +0000 |
commit | e0b842a6047a5855cebc1fcb8065885db1da0353 (patch) | |
tree | 69fb37c4098ce04fbc602bb217321350e34e4408 /db/db.py | |
parent | b005a2f21f6cd1a2db1c9d79364ae50fec5aabb7 (diff) |
_get_row needs the same psycopg hoop-jumping as _get_element
Change-Id: I8ca25ab15d7a057412283308b707002d1034ebb2
Diffstat (limited to 'db/db.py')
-rw-r--r-- | db/db.py | 17 |
1 files changed, 15 insertions, 2 deletions
@@ -148,8 +148,21 @@ class VlanDB:
 return self._get_element("vlan_name", "vlan", "vlan_id", vlan_id)
 def _get_row(self, table, field, value):
- sql = "SELECT * FROM %s WHERE %s = %s"
- data = (table, field, value)
+
+ # We really want to use psycopg's type handling deal with the
+ # (potentially) user-supplied data in the value field, so we
+ # have to pass (sql,data) through to cursor.execute. However,
+ # we can't have psycopg do all the argument substitution here
+ # as it will quote all the params like the table name. That
+ # doesn't work. So, we substitute a "%s" for "%s" here so we
+ # keep it after python's own string substitution.
+ sql = "SELECT * FROM %s WHERE %s = %s" % (table, field, "%s")
+
+ # Now, the next icky thing: we need to make sure that we're
+ # passing a dict so that psycopg2 can pick it apart properly
+ # for its own substitution code. We force this with the
+ # trailing comma here
+ data = (value, )
 self.cursor.execute(sql, data)
 return self.cursor.fetchone() |
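Review bot: `table` and `field` are still spliced into the statement with Python's `%` operator in the new `sql = ... % (table, field, "%s")` line, so only `value` gets psycopg's quoting; the identifiers are safe only as long as every caller passes hard-coded names, and no caller of `_get_row` is visible in this hunk. Where the installed psycopg2 provides the `psycopg2.sql` module (2.7 and later), the identifiers can be quoted too: `sql = psycopg2.sql.SQL("SELECT * FROM {} WHERE {} = %s").format(psycopg2.sql.Identifier(table), psycopg2.sql.Identifier(field))`; otherwise check both names against a fixed set of known tables and columns before formatting. The second comment also says a dict is passed, while `(value, )` is a one-element tuple; `# psycopg2 expects a sequence of parameters, so wrap the single value in a one-element tuple` would match the code.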