On 8/17/06, Paul Moore <[EMAIL PROTECTED]> wrote:
> However, you assume that the "second stage", of adding variable
> bindings supplied in the cursor.execute call, is also a string
> formatting exercise (just with automatic escaping). This is most
> certainly not the case in Oracle - the query is sent to the DB engine
> as given, with variable placeholders intact, and the variable bindings
> are sent independently.

Paul, I totally agree with you. What you've described about parameter
binding in Oracle is true for most databases too. To use parameter
binding is critical for performance (query plan caching) and security
(SQL injection).

> "Martin Blais" <[EMAIL PROTECTED]> writes:
> > I want to propose a few improvements on the DBAPI 2.0 Cursor.execute()
> > method interface. You can find the details of my proposed changes
> > here:
> > http://furius.ca/pubcode/pub/conf/common/lib/python/dbapiext.html

Martin, I think your improvements are too specific to have a place in
DB-API. You can build a little layer above DB-API, with specific
Connection and Cursor classes implementing your desired behaviors.
DB-API needs to stay simple to foster development of drivers for every
database.

Cheers,

Nicolas Grilly
_______________________________________________
DB-SIG maillist  -  DB-SIG@python.org
http://mail.python.org/mailman/listinfo/db-sig
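
Added example, not part of the original thread or of any DB-API driver: the difference between the "string formatting" model and the binding model discussed above, using the standard-library sqlite3 module as a stand-in for Oracle. The table, column names and sample rows are constructed assumptions; with sqlite3 the binding happens in-process rather than over a network, but the statement text and the values are still handed to the engine separately.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions.
ROWS = [("alice", "admin"), ("bob", "user"), ("O'Brien", "user")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn

def find_formatted(conn, name):
    """String formatting: the value becomes part of the SQL text itself."""
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return sql, [r[0] for r in conn.execute(sql)]

def find_bound(conn, name):
    """Parameter binding: SQL text is fixed, the value travels separately."""
    sql = "SELECT name FROM users WHERE name = ?"
    return sql, [r[0] for r in conn.execute(sql, (name,))]

def compare(conn, name):
    """Run both variants; report rows or the error the formatted one raises."""
    try:
        formatted = find_formatted(conn, name)[1]
    except sqlite3.Error as exc:
        formatted = type(exc).__name__
    return formatted, find_bound(conn, name)[1]

if __name__ == "__main__":
    conn = make_db()
    # A plain value, a legitimate value containing a quote, and a value
    # that changes the WHERE clause when pasted into the SQL text.
    for value in ("alice", "O'Brien", "nobody' OR '1'='1"):
        print(repr(value), compare(conn, value))
```

The bound statement text is identical for every value, which is what lets an engine reuse a cached plan; the formatted text differs per value and breaks on a legitimate name containing a quote.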