Am 17.05.2013 17:33, schrieb Daniele Varrazzo:> On Fri, May 17, 2013 at
4:10 PM, Christoph Zwerschke <c...@online.de> wrote:
>>
>> Another option would be to get rid of the parameter completely, and
silently
>> accept both styles, whatever is used in the sql command passed to the
>> execute method.
>
> This is impossible:
>
> cur.execute("""Select 'Guess how many params this query has?? ? ?
%s';""", args)
Hm, I forgot DBAPI does not care about SQL; it replaces parameters even
inside SQL strings. So then, you're right, it can be ambiguous.
By the way, this is really unclear from the DBAPI 2 documentation:
The example in the dbapi 2 docs is "WHERE name=?" and "WHERE name=%s"
which seems to indicate that the value is automatically put in quotes,
particularly in view of footnote 5 which says "The client should not be
required to "escape" the value so that it can be used — the value should
be equal to the actual database value." In this example this means, the
value would be a string without surrounding quotes. The example clause
should then be "WHERE name='?'" and "WHERE name='%s'".
Maybe this should be changed in DBAPI 3? This would allow the driver to
use prepared statements under the hood.
-- Chris
_______________________________________________
DB-SIG maillist - DB-SIG@python.org
http://mail.python.org/mailman/listinfo/db-sig
