On Thu, 7 Sep 2006, Andy Dustman wrote:

> Parameter binding for MySQLdb is in the works for 2.0, and I may
> actually have a co-developer to work on it. However, not all MySQL SQL
> statements can be used with the prepared statements API, or so says
> the documentation, which complicates things, so in some cases it is
> necessary to fall back to doing parameter substitution on the client
> side.

Yeah, that's a real bitch. Looks like in MySQL most of the DDL statements cannot be sent to the server with bind parameters. That being said, some simple .startswith() tests on the Python side can sort out the DML statements - most exposed to SQL injection attacks - and make those use bind params.

Cristian
-- 
Cristian Gafton
rPath, Inc.
_______________________________________________
DB-SIG maillist  -  DB-SIG@python.org
http://mail.python.org/mailman/listinfo/db-sig
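
A sketch of the statement routing discussed in this message, added as an example; it is not code from the thread or from MySQLdb. It goes a little beyond a bare .startswith() test by skipping leading whitespace and comments first; the names `DML_KEYWORDS`, `first_keyword` and `route` and the keyword list are assumptions.

```python
import re

# Assumption: which leading keywords count as DML; the thread gives no list.
DML_KEYWORDS = {"SELECT", "INSERT", "UPDATE", "DELETE", "REPLACE"}

# Text that may precede the first keyword: whitespace, "(", "#" and "-- "
# line comments, and /* ... */ block comments. MySQL executes the body of
# a /*! ... */ comment, so that form is deliberately NOT skipped.
_LEADING = re.compile(
    r"(?:\s+|\(|#[^\n]*|--(?:[ \t][^\n]*)?(?=\n|$)|/\*(?!!).*?\*/)*",
    re.S,
)


def first_keyword(sql):
    """Return the statement's first keyword in upper case, or ''."""
    rest = sql[_LEADING.match(sql).end():]
    word = re.match(r"[A-Za-z]+", rest)
    return word.group(0).upper() if word else ""


def route(sql):
    """'bind'   = send the statement with server-side bind parameters;
    'client' = fall back to client-side substitution, where every value
               still has to be escaped before it is spliced in."""
    return "bind" if first_keyword(sql) in DML_KEYWORDS else "client"


# Constructed sample statements, not taken from the thread.
SAMPLES = [
    "  select * from orders where id = %s",
    "/* app:orders */ UPDATE orders SET qty = %s WHERE id = %s",
    "-- nightly cleanup\nDELETE FROM sessions WHERE seen < %s",
    "(SELECT 1) UNION (SELECT 2)",
    "CREATE TABLE t (id INT)",
    "/*!40101 SET NAMES utf8 */",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(route(s), repr(s))
```

Anything the classifier does not recognise goes down the client-side path, so a misclassified statement loses bind parameters but never reaches the prepared-statement API in a form it might reject.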