[postgis-users] Psycopg2 : bad request

Mikel Gonzalez mikel at mapplas.com
Mon Jun 30 02:54:13 PDT 2014


Hi,

The try/catch clause is pretty loose so many things can be happening there.
Still, i found one disturbing error there that i'm pretty sure psycopg2
will be complaining about:

*    selectString = "SELECT ST_AsText(geom), cult_lib FROM rpg WHERE
ST_Intersects(SELECT ST_GeomFromText('POINT(%s %s)',2154), rpg)" % (x,
y)
>
>     cur.execute(selectString)*
>
> It's a REALLY bad idea to pass SQL parameters in this way, because this
can lead to a serious breach in security. Please, have a look at the
documentation here:

http://initd.org/psycopg/docs/usage.html#passing-parameters-to-sql-queries

It's brilliantly explained and I hope that will solve your problem.

Another little advice; if you want to know more specifics of what error
you're getting, in the 'except' clause, add this:

except Exception as e:
>

After that you'll be able to use the Exception object and retrieve
information from it, or just "print e" to see the error the program is
throwing you.

Regards,




On Wed, Jun 25, 2014 at 10:44 PM, dandrigo <lcelati at latitude-geosystems.com>
wrote:

> Dear all,
>
> I coded a web service with psycopg. I have already imported
> one vector data (land cover) and one Digital Elevation Model
> (raster layer) into my postgresql/postgis database (server side).
>
> I succeed in connecting to my pg db via psycopg2 (postgresql 's python api)
>
> Client side, operators use a client application (Developed with PHP /
> javascript / openlayers).
>
> Objectives :  Client side, once the layer would be selected,and once
> the operators have clicked on the map  , they would like that usefull
> informations appear on the interface of the client application(kind of
> land cover and z of the DEM).
>
>
> => So Regarding my  script, i writed 2 (one for each layer) SQL query in
> order to
> select usefull informations of the db layers. And, of course, the
> information must  depend on geographic coordinates (Latitude
> Y/Longitute X).
> In a 2nd time, my script must  produce a result(JSon type) for the
> client side.
>
> But the result of my script when i execute it : "bad request".
>
> Please find below the script :
>
> web_service_test.py
> <http://postgis.17.x6.nabble.com/file/n5006541/web_service_test.py>
>
> Could tou throw light for me?
>
> Thanks.
>
>
>
> --
> View this message in context:
> http://postgis.17.x6.nabble.com/Psycopg2-bad-request-tp5006541.html
> Sent from the PostGIS - User mailing list archive at Nabble.com.
> _______________________________________________
> postgis-users mailing list
> postgis-users at lists.osgeo.org
> http://lists.osgeo.org/cgi-bin/mailman/listinfo/postgis-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/postgis-users/attachments/20140630/0fbffdf7/attachment.html>


More information about the postgis-users mailing list