REFACTOR all generation of query
REFACTOR all query building from str to sql.SQL() queries. This allows executing with data (to insert a file, for example), and increases security a little.
This issue is not for today (couple of months).
Links to understand:
- https://www.psycopg.org/psycopg3/docs/api/sql.html#module-usage
- https://www.psycopg.org/psycopg3/docs/api/sql.html#sql-sql-string-composition
- https://stackoverflow.com/questions/1661262/check-if-object-is-file-like-in-python/24812058#24812058
- https://docs.python.org/3/library/io.html#io.BytesIO
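```python
import psycopg

# `conn` is an open psycopg connection; SQLEnumerable and pretty_print
# are this project's own helpers.
with open("./docs/logo.png", "rb") as opened_file:
    toto = opened_file.read()

cursor = conn.cursor()
# The file bytes travel as parameters, never as part of the query text.
cursor.execute(
    "INSERT INTO files(data_file1, data_file2, data_file3) VALUES (%s, %s, %s)",
    (psycopg.Binary(toto), psycopg.Binary(toto), psycopg.Binary(toto)),
)
sqle = SQLEnumerable(conn, "files").select().execute()
pretty_print(sqle)
```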
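An added illustration of the refactor this issue asks for, not code from this project or from psycopg: the query text is composed only from quoted identifiers and placeholders, and the file bytes are passed separately to `execute`. To run offline it uses the standard-library `sqlite3` as a stand-in for PostgreSQL; `quote_ident`, `build_insert` and `store_and_reload` are hypothetical helpers that play the roles of psycopg's `sql.Identifier` and `sql.Placeholder`, and the sample bytes are constructed.

```python
import sqlite3


def quote_ident(name: str) -> str:
    """Quote an SQL identifier: wrap in double quotes, double any embedded quote."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'


def build_insert(table: str, columns: list[str]) -> str:
    """Compose an INSERT from quoted identifiers and placeholders only.

    The values are not an argument here: data can never end up in the query text.
    """
    if not columns:
        raise ValueError("at least one column is required")
    cols = ", ".join(quote_ident(c) for c in columns)
    marks = ", ".join("?" for _ in columns)  # sqlite3 uses ?, psycopg uses %s
    return f"INSERT INTO {quote_ident(table)} ({cols}) VALUES ({marks})"


def store_and_reload(table: str, columns: list[str], payload: bytes) -> tuple:
    """Create the table in an in-memory database, insert payload, read it back."""
    conn = sqlite3.connect(":memory:")
    try:
        col_defs = ", ".join(f"{quote_ident(c)} BLOB" for c in columns)
        conn.execute(f"CREATE TABLE {quote_ident(table)} ({col_defs})")
        # Query text and data travel separately, as with cursor.execute(query, params).
        conn.execute(build_insert(table, columns), [payload] * len(columns))
        return conn.execute(f"SELECT * FROM {quote_ident(table)}").fetchone()
    finally:
        conn.close()


# Constructed sample: binary content (NUL, quote, non-UTF-8 byte) that a
# str-built query could not carry intact.
SAMPLE = b"\x89PNG\r\n\x1a\n\x00'\xff"

if __name__ == "__main__":
    print(build_insert("files", ["data_file1", "data_file2", "data_file3"]))
    print(store_and_reload("files", ["data_file1"], SAMPLE) == (SAMPLE,))
```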