See cousin post: psycopg - Get formatted sql instead of executing

I need to transition some code from Postgres to MS SQL Server. I have been using psycopg2 in Python to do all database calls. I have found a similar library in pymssql that actually has a very similar API.

One thing that is missing is the mogrify call. In short, mogrify prevents SQL injection but does so without executing. Great for building up a SQL string.

Is there a call that is similar to the mogrify call in pymssql? If not, is there another Python library that does have a mogrify-like call? If I cannot find anything, I will transition my code to use the execute/executemany calls, but I'd prefer to avoid that if at all possible.

TinyTheBrontosaurus

1 Answer

The function substitute_params is exported in the _mssql module. Example usage:

>>> import pymssql
>>> print pymssql._mssql.substitute_params("SELECT * FROM foo WHERE a = %s", ("quoted ' string",))
SELECT * FROM foo WHERE a = 'quoted '' string'
ldrg
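
An added example, not part of the answer and not pymssql's own code: a self-contained sketch of client-side substitution that reproduces the output shown above, for rendering a statement for logs or review. `quote_tsql_literal` and `mogrify_like` are hypothetical names, and the sketch assumes only `%s` placeholders with None, bool, int, float, bytes and str values.

```python
import math
import re

def quote_tsql_literal(value):
    """Render one Python value as a T-SQL literal (hypothetical helper)."""
    if value is None:
        return "NULL"
    if isinstance(value, bool):  # test before int: bool subclasses int
        return "1" if value else "0"
    if isinstance(value, int):
        return str(value)
    if isinstance(value, float):
        if not math.isfinite(value):
            raise ValueError("NaN/Infinity have no T-SQL literal")
        return repr(value)
    if isinstance(value, (bytes, bytearray)):
        return "0x" + bytes(value).hex()  # binary literal, nothing to quote
    if isinstance(value, str):
        # The quote is the only character that can end a '...' literal: double it.
        return "'" + value.replace("'", "''") + "'"
    raise TypeError("unsupported parameter type: %s" % type(value).__name__)

def mogrify_like(sql, params):
    """Fill %s placeholders in one pass; %% yields a literal percent sign."""
    params = list(params)
    used = 0

    def fill(match):
        nonlocal used
        kind = match.group(1)
        if kind == "%":
            return "%"
        if kind != "s":
            raise ValueError("unsupported placeholder near %r" % match.group(0))
        if used == len(params):
            raise ValueError("more placeholders than parameters")
        used += 1
        return quote_tsql_literal(params[used - 1])

    # A callable replacement is inserted verbatim and never rescanned, so a
    # value that itself contains "%s" cannot consume a later parameter.
    rendered = re.sub(r"%(.)?", fill, sql, flags=re.S)
    if used != len(params):
        raise ValueError("more parameters than placeholders")
    return rendered

if __name__ == "__main__":
    # Constructed inputs; the first is the query from the answer above.
    print(mogrify_like("SELECT * FROM foo WHERE a = %s", ("quoted ' string",)))
    print(mogrify_like("SELECT * FROM foo WHERE a = %s AND b = %s", ("%s", None)))
```
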