
So to insert multiple values into my psql table I use the following code:

import psycopg2  # connection is a psycopg2 connection opened elsewhere

# table_name and my_columns are string-formatted into the statement;
# the %%s become the %s placeholders that executemany() binds per tuple
sql_query = "INSERT INTO %s(%s) VALUES(%%s,%%s,%%s)" % (table_name, my_columns)
cursor = connection.cursor()
cursor.executemany(sql_query, tupled_data)
connection.commit()

where tupled_data is a list of tuples, and each element in each tuple is a new entry for the corresponding column.
I want to know if this is a safe way to do this kind of thing. Is it secure against SQL injection?
I found some possible answers here, but they only state that it is safe for the cursor.execute() function, and I want to know if the same holds for executemany().

foxel
  • If the table and column names come from untrusted input then you are not safe. Psycopg2 provides tools for constructing SQL queries safely; you can use those. – snakecharmerb Jan 10 '22 at 08:54
  • @snakecharmerb Only the data provided as tupled_data comes from the user. – foxel Jan 10 '22 at 09:55
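The two concerns in the comments (values bound as parameters vs. identifiers pasted into the statement) can be separated in code. This is an added example, not the asker's code; it uses the standard-library sqlite3 module as a stand-in for psycopg2 so it runs offline (sqlite3 uses `?` where psycopg2 uses `%s`), and it assumes the application keeps an allowlist of the tables and columns it is permitted to touch. For psycopg2 the identifier step would instead go through psycopg2.sql.Identifier, as noted in the comments.

```python
import sqlite3

# Assumption: the application knows which tables/columns it may write to.
ALLOWED = {"users": ("name", "email", "role")}

def build_insert(table_name, columns):
    """Identifiers cannot be bound as query parameters, so they are checked
    against the allowlist before being string-formatted into the statement.
    With psycopg2 you would compose them instead, e.g.
    psycopg2.sql.SQL("INSERT INTO {} ...").format(psycopg2.sql.Identifier(table_name))."""
    if table_name not in ALLOWED:
        raise ValueError("unknown table: %r" % table_name)
    bad = [c for c in columns if c not in ALLOWED[table_name]]
    if bad:
        raise ValueError("unknown columns: %r" % bad)
    placeholders = ",".join("?" * len(columns))  # "%s" placeholders in psycopg2
    return "INSERT INTO %s(%s) VALUES(%s)" % (
        table_name, ",".join(columns), placeholders)

def insert_rows(conn, table_name, columns, tupled_data):
    """Values travel as bound parameters: executemany() binds one tuple per row."""
    cur = conn.cursor()
    cur.executemany(build_insert(table_name, columns), tupled_data)
    conn.commit()
    return cur.rowcount

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(name TEXT, email TEXT, role TEXT)")
    # Constructed sample rows; the last name carries quote characters that
    # would break a string-formatted query but are just data when bound.
    rows = [("alice", "a@example.com", "user"),
            ("bob", "b@example.com", "admin"),
            ("o'malley'); DROP TABLE users; --", "x@example.com", "user")]
    n = insert_rows(conn, "users", ("name", "email", "role"), rows)
    stored = [r[0] for r in conn.execute("SELECT name FROM users ORDER BY rowid")]
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    return n, stored, tables
```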
