Paul DuBois wrote:
> On 4/20/06 13:08, "Dieter Maurer" <[EMAIL PROTECTED]> wrote:
>
>
>>M.-A. Lemburg wrote at 2006-4-19 20:36 +0200:
>>
>>>...
>>>Actually, I don't think that parsing SQL is really necessary
>>>at all: in all the years I've used qmark style, I've never come
>>>across a situation where a SQL literal would include a question
>>>mark.
>>
>>I do not think this is a good idea. '?' are perfectly legal
>>in string literals and there they conventionally
>>do *NOT* mean "insert a parameter".
>
>
> Umm ... thing is, the ? placeholder markers in a SQL string _don't_ occur
> within string literals. That is, when you construct a SQL statement
> containing placeholder markers, you don't write the placeholders within
> quote marks. The parameter substitution mechanism adds quotes as necessary
> when it substitutes a data value for a placeholder.
He's referring to something like this:
def get_androgenous_users(state):
execute("SELECT * FROM users WHERE state = ? and gender = '?',
(state,))
...
--
Ian Bicking / [EMAIL PROTECTED] / http://blog.ianbicking.org
_______________________________________________
DB-SIG maillist - [email protected]
http://mail.python.org/mailman/listinfo/db-sig
