Dieter Maurer wrote: > M.-A. Lemburg wrote at 2006-4-19 20:36 +0200: >> ... >> Actually, I don't think that parsing SQL is really necessary >> at all: in all the years I've used qmark style, I've never come >> across a situation where a SQL literal would include a question >> mark. > > I do not think this is a good idea. '?' are perfectly legal > in string literals and there they conventionally > do *NOT* mean "insert a parameter".
Right, but if you use bound parameters, you rarely ever have a need to use question marks in SQL literals. >> In reality, it all boils down to doing a simple search for >> '?' in the string - after all, you usually pass strings in via >> bound parameters. > > Zope, at least, would be unhappy, as it does not (yet) support > bound parameters. Would be a good incentive to change this :-) Of course, scanning the SQL statement string for SQL literals is safer, so this is what modules should do (at least if the user passes in bound parameters to the .execute() method). Does anyone know a good implementation of such a search&replace mechanism ? I tried coming up with something using re.sub() but it seems this is beyond what you can do with re. -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Apr 24 2006) >>> Python/Zope Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::: Try mxODBC.Zope.DA for Windows,Linux,Solaris,FreeBSD for free ! :::: _______________________________________________ DB-SIG maillist - DB-SIG@python.org http://mail.python.org/mailman/listinfo/db-sig
