On Saturday, February 05, 2011 12:33:34 pm Sibylle Koczian wrote:
> On 05.02.2011 20:41, John Fabiani wrote:
> > Yes we have two of each: Postgres and MySQL use %s, SQLite uses '?',
> > and FireBird uses both the '?' and ':name' (at least it did when I
> > worked with it). Therefore, I think I'm aware of the issue.
> >
> > First let me say I am biased. I love using Postgres and in general I do
> > not see SQLite as a reliable database engine (that's only my opinion and
> > comes from my personal experiences - yes I know millions are using it).
> > So in general I try to avoid using SQLite.
> >
> > My only answer is don't pass para directly - pass the SQL statement.
> > This does several nice things IMO. SQLite does not allow parameters for
> > anything but values. Meaning changing table names, etc. is impossible
> > unless:
> >   sql = "select * from %s"
> >   sql = sql % self.tablename
> >   bizobj.UserSQL = sql
>
> But _this_ doesn't work anywhere using parameters, as far as I know. Not
> with the Python database modules, not with ADO.NET, not with the old
> Delphi database components (don't know anything at all about recent
> Delphi versions). And not with any database backend. Parameters are for
> values and only for values, but they are the strongly recommended method
> for them (quoting and SQL injections are the main reasons, I think).
>
> Right or wrong?
> Sibylle
First I don't use .Net anything and can't really comment. No I don't hate Windows. It's just I like Python, Django, and Qt and therefore have no need to use .Net anything. I was discussing Dabo and not anything else. The code example works for most of what I do (if not all of the code I write). As far as SQL injections I do not see the difference between using Python's '%s' passing the complete SQL statement and passing the '?' with the variable. As far as I know (and it has been my experience), I can pass the complete statement to Dabo methods without any issues.

Johnf

_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/dabo-users
Searchable Archives: http://leafe.com/archives/search/dabo-users
This message: http://leafe.com/archives/byMID/[email protected]
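The distinction Sibylle draws (a '?' parameter binds a value, never a table name, and binding is what handles quoting) can be seen directly with Python's sqlite3 module. This is an added example, not code from the thread or from Dabo; the schema, the table allowlist and the helper names are constructed for illustration:

```python
import sqlite3

# Constructed allowlist of identifiers the application may query (assumption).
ALLOWED_TABLES = {"customers", "orders"}


def setup_db():
    """Constructed in-memory sample schema; the name O'Brien contains a quote."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO customers (name) VALUES ('O''Brien'), ('Smith')")
    return conn


def table_name_as_parameter(conn):
    """A '?' in the table position is a syntax error: parameters bind values only."""
    try:
        conn.execute("SELECT * FROM ? WHERE id = ?", ("customers", 1))
        return "accepted"
    except sqlite3.OperationalError:
        return "rejected"


def find_by_name(conn, table, name):
    """Identifier is checked against the allowlist and spliced with %s;
    the value travels as a bound parameter, so quoting is the driver's job."""
    if table not in ALLOWED_TABLES:
        raise ValueError("unknown table: %r" % table)
    sql = 'SELECT id, name FROM "%s" WHERE name = ?' % table
    return conn.execute(sql, (name,)).fetchall()


def find_by_name_interpolated(conn, table, name):
    """Same query with the value also spliced in via %s: an apostrophe in the
    data breaks the statement, which is exactly what binding prevents."""
    sql = "SELECT id, name FROM %s WHERE name = '%s'" % (table, name)
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        return "error: %s" % exc
```

Using %s for the table name and '?' for the value, as above, keeps the flexibility John wants for identifiers without giving up parameter binding for the data.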
