flask-sqlalchemy

I have the following query that uses like to search a blog. I am not sure if I'm making myself vulnerable to a SQL injection attack if I do this. How is SQLAlchemy handling this? Is it safe? search_results = Blog.query.with_entities(Blog.blog_title).filter(Blog.blog_title.like("%"+ searchQuery['queryText'] +"%")).all() The underlying db-api library for whatever database you're using (sqlite3, psycopg2, etc.) escapes parameters. SQLAlchemy simply passes the statement and parameters to execute , the driver does whatever is needed. Assuming you are not writing raw SQL that includes parameters

association_table = Table("association_table", Base.metadata, Column("show_id", Integer(), ForeignKey("show_times.id"), primary_key=True), Column("theater_id", Integer(), ForeignKey("theaters.id"))) association_table2 = Table("association_table2", Base.metadata, Column("show_id", Integer(), ForeignKey("show_times.id"), primary_key=True), Column("movie_id", Integer(), ForeignKey("movies.id"))) class Movie(Base): __tablename__ = "movies" id = Column(Integer, primary_key=True) title = Column(String(), unique=True) plot = Column(String()) duration = Column(String()) rating = Column(String())

How can I make a field on a ModelView readonly? class MyModelView(BaseModelView): column_list = ('name', 'last_name', 'email') Richard Aplin If you're talking about Flask-Admin with SQLAlchemy Models, and you're declaring a view by inheriting from sqlamodel.ModelView, you can just add this to your class definition: class MyModelView(BaseModelView): column_list = ('name', 'last_name', 'email') form_widget_args = { 'email':{ 'disabled':True } } I don't have enough reputation to comment on @thkang's answer, which is very close to what worked for me. The disabled attribute excludes the field from

I'm following the Flask-SQLAlchemy tutorial. I have Flask 0.9, sqlalchemy 0.7.8 and flask-sqlalchemy 0.16 on python 2.6. I'm trying to create a "one to many" relationship, like in their tutorial. class Person(db.Model): id = db.Column(db.Integer, primary_key=True) name = db.Column(db.String(50)) addresses = db.relationship('Address', backref='person', lazy='dynamic') class Address(db.Model): id = db.Column(db.Integer, primary_key=True) email = db.Column(db.String(50)) person_id = db.Column(db.Integer, db.ForeignKey('person.id')) After that, I can create the database : from DataBase.Tables

We have a model with a JSON field where user flags get inserted. Inserting does work as expected, but when removing certain flags, they stay in the field and changes don't get persisted to the DB. We have the following method in our model: def del_flag(self, key): if self.user_flags is None or not key in self.user_flags: return False else: del self.user_flags[key] db.session.commit() return True The databasse is postgres and we use the SQLalchemy JSON field dialect for the field type. Any advice on this? If you are using Postgres < 9.4 you can't update JSON field directly. You need flag

This question already has an answer here: creating a database outside the application context 3 answers When scattering Flask Models, RuntimeError: 'application not registered on db' was raised 2 answers I'm trying to separate my Flask-SQLAlchemy models into separate files. When I try to run db.create_all() I get No application found. Either work inside a view function or push an application context. shared/db.py : from flask_sqlalchemy import SQLAlchemy db = SQLAlchemy() app.py : from flask import Flask from flask_sqlalchemy import SQLAlchemy from shared.db import db app = Flask(__name__) app

I have a website running with a mysql database using the sql-alchemy package that has suddenly broken. I have done some research and found that the expected issue is that the newest sql-alchemy update is handing flask-admin one more value than expected from "cls, key = identity_key(instance=obj)" Source The suggested fix is to edit the files to accept a third item but I am unable to do this with the permissions I have on my environment. Another answer links to a repo on github but I cannot figure out how that helps me. I'm very new to this and I don't know if I am supposed to clone the repo or