Passing parameter in psycopg2

Question

I am trying to access PostgreSQL using psycopg2:

sql = """
SELECT
    %s
FROM
    table;
"""

cur = con.cursor()
input = (['id', 'name'], )
cur.execute(sql, input)

data = pd.DataFrame.from_records(cur.fetchall())

However, the returned result is:

             0
0   [id, name]
1   [id, name]
2   [id, name]
3   [id, name]
4   [id, name]

If I try to access single column, it looks like:

     0
0   id
1   id
2   id
3   id
4   id

It looks like something is wrong with the quoting around column name (single quote which should not be there):

In [49]: print cur.mogrify(sql, input)

SELECT
    'id'
FROM
    table;

but I am following doc: http://initd.org/psycopg/docs/usage.html#

Anyone can tell me what is going on here? Thanks a lot!!!

FriC · Accepted Answer · 2015-06-06 00:25:43Z

13

Use the AsIs extension

import psycopg2
from psycopg2.extensions import AsIs

column_list = ['id','name']
columns = ', '.join(column_list)

cursor.execute("SELECT %s FROM table", (AsIs(columns),))

And mogrify will show that it is not quoting the column names and passing them in as is.

answered Jun 6, 2015 at 0:25

FriC

81612 silver badges14 bronze badges

Add a comment |

Niccolò Mineo · Accepted Answer · 2023-07-24 08:17:40Z

4

Nowadays, you can use sql.Identifier to do this in a clean and secure way :

from psycopg2 import sql

statement = """
SELECT
    {id}, {name}
FROM
    table;
"""

with con.cursor() as cur:
  cur.execute(sql.SQL(statement).format(
    id=sql.Identifier("id"),
    name=sql.Identifier("name")
  ))

  data = pd.DataFrame.from_records(cur.fetchall())

More information on query composition here : https://www.psycopg.org/docs/sql.html

edited Jul 24, 2023 at 8:17

Niccolò Mineo

931 silver badge9 bronze badges

answered Sep 6, 2020 at 16:13

Mickael V.

1,19212 silver badges22 bronze badges

Add a comment |

Alexey Vyazovsky · Accepted Answer · 2018-06-13 13:45:44Z

The reason was that you were passing the string representation of the array ['id', 'name'] as SQL query parameter but not as the column names. So the resulting query was similar to

SELECT 'id, name' FROM table

Looks your table had 5 rows so the returned result was just this literal for each row.

Column names cannot be the SQL query parameters but can be just the usual string parameters which you can prepare before executing the query-

sql = """
SELECT
    %s
FROM
    table;
"""

input = 'id, name'
sql = sql % input
print(sql)

cur = con.cursor()
cur.execute(sql)

data = pd.DataFrame.from_records(cur.fetchall())

In this case the resulting query is

SELECT
    id, name
FROM
    table;

Collectives™ on Stack Overflow

Passing parameter in psycopg2

3 Answers 3

Your Answer

Not the answer you're looking for? Browse other questions tagged
python
postgresql
psycopg2
or ask your own question.

Hot Network Questions

Collectives™ on Stack Overflow

3 Answers 3

Your Answer

Sign up or log in

Post as a guest

Not the answer you're looking for? Browse other questions tagged pythonpostgresqlpsycopg2 or ask your own question.

Related

Not the answer you're looking for? Browse other questions tagged
python
postgresql
psycopg2
or ask your own question.