kwcrook
November 26, 2019, 10:22pm
With other MySQL databases, something like this works:

```python
import datetime

import pyodbc

cnxn = pyodbc.connect('DRIVER={SQL Server};SERVER=localhost;DATABASE=testdb;UID=me;PWD=pass')
cursor = cnxn.cursor()
# The two ? markers are bound by the driver to the values in the list
cursor.execute("""
select user_id, user_name
from users
where last_logon < ?
and bill_overdue = ?
""", [datetime.date(2001, 1, 1), 'y'])
```

(This is straight out of the pyodbc docs.)
But after extensive tinkering trying to get the Dremio ODBC to work, I keep on getting an error: `pyodbc.ProgrammingError: ('The SQL contains 0 parameter markers, but 2 parameters were supplied', 'HY000')`
I’ve tried every formatting specified in PEP249 with no luck. I’ve tried pandas and removed it with no luck.
@kwcrook
Currently we do not support parameterized SQL
Thanks
@balaji.ramaswamy
Is this a limitation specific to ODBC, or does this apply to JDBC also?
@balaji.ramaswamy
@patricker
Currently we do not support parameterized SQL in JDBC also
Thanks
@balaji.ramaswamy
Hi,
Any update on parameterized SQL?
Hi @preetigupta
Not yet, we do not have that feature in the product yet
Thanks
Bali
Thanks for the quick reply. Would you recommend any alternate way to avoid a possible SQL injection attack?
Best regards,
Preeti
Any update on parameterisation support in JDBC and ODBC?
Hi @spireite Not yet, currently it is not prioritized and certainly in the backlog to be picked up later
dacopan
February 4, 2022, 1:51am
Are you planning to open-source the JDBC driver?
We can contribute to it.
Hi @dacopan I have checked with the right folks and someone will get back on this post
sauku
September 16, 2022, 6:11am
Hi @balaji.ramaswamy ,
Please can you let us know if there is any alternate way to avoid a possible SQL injection attack?
@preetigupta please let me know if you have found any alternate way.
Thanks,
Saurabh
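
Added example, not part of any post in this thread and not Dremio's code or guidance: one client-side fallback when the driver rejects `?` markers is to render each value as a typed SQL literal and substitute it into a constant, developer-written template before calling `execute`. The names `render_literal` and `bind` are hypothetical, and the code assumes ANSI-style string literals in which a single quote is escaped by doubling and backslash is not an escape character.

```python
import datetime
import math


def render_literal(value):
    """Render one Python value as a SQL literal; unknown types are rejected."""
    if value is None:
        return "NULL"
    if isinstance(value, bool):  # before int: bool subclasses int
        return "TRUE" if value else "FALSE"
    if isinstance(value, int):
        return str(value)
    if isinstance(value, float):
        if not math.isfinite(value):
            raise ValueError("non-finite float")
        return repr(value)
    if isinstance(value, datetime.datetime):  # before date: subclass of date
        if value.tzinfo is not None:
            raise ValueError("pass naive datetimes only")
        return "TIMESTAMP '" + value.isoformat(sep=" ", timespec="seconds") + "'"
    if isinstance(value, datetime.date):
        return "DATE '" + value.isoformat() + "'"
    if isinstance(value, str):
        if "\x00" in value:
            raise ValueError("NUL character in string")
        return "'" + value.replace("'", "''") + "'"  # ANSI quote doubling (assumed)
    raise TypeError("unsupported parameter type: " + type(value).__name__)


def bind(template, params):
    """Replace each ? outside quotes in a trusted, constant template."""
    if "--" in template or "/*" in template:
        raise ValueError("comments are not allowed in the template")
    out, quote, remaining = [], None, list(params)
    for ch in template:
        if quote:
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "?":
            if not remaining:
                raise ValueError("more markers than parameters")
            ch = render_literal(remaining.pop(0))
        out.append(ch)
    if remaining or quote:
        raise ValueError("unused parameters or unterminated quote")
    return "".join(out)
```

With this in place the query from the first post would be sent as `cursor.execute(bind(sql, [datetime.date(2001, 1, 1), 'y']))`. Table and column names cannot be rendered this way and need an allowlist of known identifiers instead.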