psycopg2 E' on table, field and schema
I am having the same problem as: python adds "E" to string
All the answers given are relevant, but I am breaking my neck on this one.
The problem is that psycopg2 not only escapes values, but also schema, table and column names like this:
CREATE TABLE E'Tablename' (E'identificatie' VARCHAR(16))
Which it simply shouldn't! How can I get rid of the E and '' for table names and columns but maintain them for field values?
The alternative
'CREATE TABLE ' + tablename + ' (' + fieldname... %
makes it vulnerable to sql injection all over again.
Stuck between a rock and a hard place..
It is, for better or worse, generally not supported by the Python interfaces and Psycopg in particular to substitute user-supplied identifiers into SQL commands. You will have to roll your own. It can be done with a few lines of code.
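One way to "roll your own" identifier quoting, as the answer above suggests. This is an added example, not code from the original thread or from psycopg2; the names `quote_ident`, `create_table_sql`, `insert_sql` and the type allowlist are assumptions made for illustration.

```python
import re

MAX_IDENT_BYTES = 63  # PostgreSQL's default identifier limit (NAMEDATALEN - 1)
# Column types cannot be quoted like identifiers, so they are allowlisted instead.
TYPE_ALLOWLIST = re.compile(r"(?:INTEGER|BIGINT|TEXT|BOOLEAN|DATE|VARCHAR\(\d{1,5}\))")


def quote_ident(name):
    """Return name as a double-quoted PostgreSQL identifier (case is preserved)."""
    if not isinstance(name, str) or not name:
        raise ValueError("identifier must be a non-empty string")
    if "\x00" in name:
        raise ValueError("identifier must not contain NUL")
    if "%" in name:
        # '%' would collide with the %s placeholder syntax once the
        # statement is executed with parameters, so it is rejected here.
        raise ValueError("identifier must not contain '%'")
    if len(name.encode("utf-8")) > MAX_IDENT_BYTES:
        # PostgreSQL would silently truncate; rejecting is stricter.
        raise ValueError("identifier longer than 63 bytes")
    # Inside a quoted identifier only the double quote is special,
    # and it is escaped by doubling it.
    return '"' + name.replace('"', '""') + '"'


def create_table_sql(table, columns, schema=None):
    """Build CREATE TABLE from caller-supplied names; columns is [(name, type)]."""
    if not columns:
        raise ValueError("at least one column is required")
    parts = []
    for col, coltype in columns:
        coltype = coltype.strip().upper()
        if not TYPE_ALLOWLIST.fullmatch(coltype):
            raise ValueError("column type not in allowlist: %r" % coltype)
        parts.append(quote_ident(col) + " " + coltype)
    target = quote_ident(table)
    if schema is not None:
        target = quote_ident(schema) + "." + target
    return "CREATE TABLE " + target + " (" + ", ".join(parts) + ")"


def insert_sql(table, columns):
    """Quote the identifiers; field values stay as %s for cursor.execute()."""
    cols = ", ".join(quote_ident(c) for c in columns)
    marks = ", ".join(["%s"] * len(columns))
    return "INSERT INTO " + quote_ident(table) + " (" + cols + ") VALUES (" + marks + ")"
```

Pass the resulting string to `cursor.execute()` and supply field values separately as the parameter tuple, so values are still escaped by the driver. psycopg2 2.7 and later also provide `psycopg2.sql.Identifier` for composing identifiers.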
Ok, thanks Peter, at least I know not to look any further. I decided to take a different approach:
Use a script file to generate the database instead of generating it from code. This will make it easier to have "versioning" on the database.
Meanwhile, I am taking a look at SQLAlchemy http://www.sqlalchemy.org/ which pretty much does what I want but is currently a step too far, as it requires a drastic restructure of the application I am rebuilding.