"Since columns is a sequence, and sequences in SQL are always joined by ,, "
That is clearly wrong. With the SQL engine I use (PostgreSQL); there is the data type of "ARRAY", so sequences are stored as array.
"SELECT name, address FROM %s WHERE id = %S"
As much as I understand: Big S means escaping, small s means "do not escape" ? For me this bears to much risk for to less gain. Especially since dynamic exchanges of the names of tables and columns in SQL-queries is a totally different beast then changing parameters. "Different beast" as:
"usually has to happen in two steps"
is quite incorrect concerning the "ususally" in my experience. The dynamic exchanging of tablenames within statements is the ABSOLUTE minority, 1 out of 40 or less statements. Especially since queries querying only one table are the absolute minority; and the dynamic exchange of 3 tables is undebuggable :)
So from my point -1
Harald
--
GHUM Harald Massa
persuadere et programmare
Harald Armin Massa
Reinsburgstraße 202b
70197 Stuttgart
0173/9409607
-
Let's set so double the killer delete select all.
_______________________________________________ DB-SIG maillist - [email protected] http://mail.python.org/mailman/listinfo/db-sig
