On 2007-05-22 19:42, Carsten Haese wrote:
> On Tue, 2007-05-22 at 19:21 +0200, Dieter Maurer wrote:
>> Art Protin wrote at 2007-5-22 09:22 -0400:
>>> ...
>>> In my opinion (which is never as humble as it should be), "qmark" is
>>> barely adequate; numeric should be the required minimum. But now that
>>> so many have gotten used to "qmark", it will probably never go away.
>> If we speak about readability and safety, "%(name)s" combined
>> with a dictionary is far better than "numeric" or "qmark".
>>
>> SQL statements can get quite a lot of parameters and readability is
>> therefore valuable...
>
> I agree, but named style, i.e. ":name" is even more readable, and it's
> not as easily confused with string formatting.

FWIW: Last time we discussed this, qmark was the agreed standard.
Not because it's the easiest to read or safest, but simply because
it's easy to implement and convert into all other styles.

The named styles were out-ruled due to the confusion this causes
among the users: most think they have to write the SQL statement as

    command % parameters

which completely bypasses the advantages of bound parameters and
indeed introduces security risks.

I'm biased, of course, since ODBC does qmark, but still, I've
never really had problems with it.

-- 
Marc-Andre Lemburg
eGenix.com

_______________________________________________
DB-SIG maillist - DB-SIG@python.org
http://mail.python.org/mailman/listinfo/db-sig
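
Added example, not part of the original message or of any DB-API module's code: it contrasts the `command % parameters` mistake described above with a bound qmark parameter, and sketches how qmark placeholders can be converted to named style. It uses Python's standard `sqlite3` module (which accepts qmark and named placeholders); the table, the sample rows and all function names are hypothetical.

```python
import sqlite3

def build_db():
    # Constructed sample data; table and column names are hypothetical.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def lookup_formatted(conn, name):
    # The mistake described in the message: "command % parameters".
    # The value becomes part of the SQL text before the driver sees it.
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return sorted(row[0] for row in conn.execute(sql))

def lookup_bound(conn, name):
    # qmark style: SQL text and value travel separately, the value stays data.
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))

def qmark_to_named(sql, params):
    # Rewrite qmark placeholders to named style (:p1, :p2, ...).
    # A '?' inside a single-quoted SQL literal is text, not a placeholder.
    # Assumption: SQL comments and double-quoted identifiers are not handled.
    out, named, in_literal = [], {}, False
    for ch in sql:
        if ch == "'":
            in_literal = not in_literal
        if ch == "?" and not in_literal:
            if len(named) >= len(params):
                raise ValueError("more placeholders than parameters")
            key = "p%d" % (len(named) + 1)
            named[key] = params[len(named)]
            out.append(":" + key)
        else:
            out.append(ch)
    if len(named) != len(params):
        raise ValueError("more parameters than placeholders")
    return "".join(out), named

if __name__ == "__main__":
    conn = build_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print(lookup_formatted(conn, crafted))  # every row comes back
    print(lookup_bound(conn, crafted))      # no user has that name
    sql, named = qmark_to_named(
        "SELECT name FROM users WHERE name = ? AND role <> '?'", ("bob",))
    print(sql, named, conn.execute(sql, named).fetchall())
```
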