Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Feature request: 'get_attributes' without prepared statements

See original GitHub issue

Hello!

Right now I’m trying out the AsyncSession in the SQLAlchemy@1.4 which uses asyncpg under the hood and as it turns out that specific configuration does not work well with pgbouncer even if you disable statement caching both in asyncpg and SQLAlchemy.

As discussed in the corresponding issue — https://github.com/sqlalchemy/sqlalchemy/issues/6467 — SQLAlchemy uses Connection.prepare() regardless of user’s decision on whether or not to use prepared statements. It is required to fetch the query attributes.

It looks like if there would be an ability to fetch attributes of the query without preparing it first, the issue could be mitigated. Therefore, I wanted to ask if there is a way to fetch those attributes without calling Connection.prepare() first?

cc @zzzeek

Issue Analytics

State:
Created 2 years ago
Comments:7 (4 by maintainers)

Top GitHub Comments

2reactions

elpranscommented, Oct 12, 2021

I wanted to ask if there is a way to fetch those attributes without calling Connection.prepare() first?

Alas, no. Asyncpg is fundamentally built around the Postgres extended query protocol, and so the API and the implementation are built around that. The other way to get information about the query result is to run it with the simple query protocol, but we can’t use that, because the protocol does not return enough information about the attribute types to decode them effectively and so we must introspect the type catalog to build the decoding pipeline.

Looking at https://github.com/sqlalchemy/sqlalchemy/issues/6467, it seems like the issue isn’t necessarily that prepare() doesn’t work, it’s that prepared statement names aren’t unique across connections and pgbouncer mixes them up. Merging #775 might help with this, although I need to think whether that should be unconditional or based on some connection parameter, since UUID generation isn’t necessarily very fast.

1reaction

elpranscommented, Oct 12, 2021

Yeah, I think so.

Top Results From Across the Web

Does using preparedStatement mean there will not be any ...

Using the prepared statement feature of the language provided means you are using a tried and tested solution for the problem - it...

Query Parameterization Cheat Sheet - GitHub

Prepared Statement Examples. Using Java built-in feature. String custname = request.getParameter("customerName"); String query = "SELECT account_balance ...

SQL Injection Prevention - OWASP Cheat Sheet Series

Option 1: Use of Prepared Statements (with Parameterized Queries); Option 2: Use of Properly Constructed Stored Procedures; Option 3: Allow-list Input ...

Use of prepared statements in Sugar 7.9 - Dev Blog - SugarClub

Prepared Statements, also known as parameterized statements, is a database feature that allows the same or similar queries to be executed with ...

Prevent SQL Injection via Prepared Statements or ...

In Standard Java we have function prepareStatement() to write parametrized queries. String customername = request.getParameter(“custName”); String query = “ ...