That 1/2 answers my question - and it sounds correct for what you are saying.
But I am wondering why they picked that one. Yeah Yeah "Ask them" is the obvious answer :) I am also wondering why so many exist. I would think after a year or 2 they would all merge together. I have trouble trying to dream up 2 mutually exclusive features.

On Thu, Jul 18, 2013 at 10:54 PM, Michael Bayer <mike...@zzzcomputing.com> wrote:
> If I had to guess why Django has a statement like that up, they may not have
> worked out their driver architecture such that they can easily swap out
> various DBAPI implementations on top of the same database backend; i.e. they
> probably have a "mysql.py" module with a big "import MySQLdb" hardcoded into
> it. We've supported many DBAPIs per database for so long I've forgotten
> about that old issue.
>
> Those other drivers generally target MySQLdb for compatibility, so I'm sure
> you can get them to work at least 90% with django without much more hassle
> than a monkeypatch.
>
> On Jul 18, 2013, at 11:03 PM, Carl Karsten <c...@personnelware.com> wrote:
>
>> Huh, I didn't know there were any other options. I wonder why this says
>> this:
>>
>> MySQLdb is the Python interface to MySQL. Version 1.2.1p2 or later is
>> required for full MySQL support in Django.
>>
>> https://docs.djangoproject.com/en/1.5/ref/databases/#mysqldb
>>
>>
>>
>> On Thu, Jul 18, 2013 at 9:08 AM, Michael Bayer <mike...@zzzcomputing.com>
>> wrote:
>>>
>>> On Jul 18, 2013, at 9:38 AM, Carl Karsten <c...@personnelware.com> wrote:
>>>
>>>> I feel I need to post this now and then in hopes I find someone who
>>>> can do something about it. This might even be worth some PSF funding?
>>>>
>>>> I am not a security expert, I am not qualified to assess the risk, it
>>>> doesn't matter if I consider this a vulnerability. That said, I know
>>>> it is a problem that should be fixed.
>>>>
>>>> query = query % tuple(( get_codec(a, self.encoders)(db, a) for a in args ))
>>>> self._query(query)
>>>>
>>>> http://sourceforge.net/p/mysql-python/mysqldb-2/ci/default/tree/MySQLdb/cursors.py#l185
>>>>
>>>> Yes: the mysql python module that everyone uses does string
>>>> substitution to combine the command and parameters into a command with
>>>> embedded constants.
>>>>
>>>> I opened a bug against it years ago. I looked at fixing it, but that
>>>> led me into coercing python values into whatever the mysql client lib
>>>> does, and that is not something I should be doing.
>>>
>>>
>>> Not like this shouldn't be fixed, but also in theory, people would be
>>> moving to MySQL Connector/Python, seeing as it's the Python driver that's
>>> actually advertised on the MySQL site and also runs in Python 3:
>>>
>>> http://dev.mysql.com/doc/connector-python/en/
>>>
>>> I haven't looked at its source, and it did take a long time for this driver
>>> to be usable, but recent versions seem to work well. It's worth seeing
>>> what approach it takes to bound parameters internally.
>>>
>>> Not to mention there's lots of other MySQL drivers: OurSQL, cymysql,
>>> pymysql. I've tested all of these and they all work pretty well.
>>>
>>>
>>
>>
>>
>> --
>> Carl K
>

--
Carl K
_______________________________________________
DB-SIG maillist - DB-SIG@python.org
http://mail.python.org/mailman/listinfo/db-sig
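
An added example, not code from this thread or from MySQLdb: a minimal model of the client-side substitution in the quoted `cursors.py` line, next to real parameter binding where the statement text is never rewritten. `ENCODERS`, `client_side_render` and `server_side_lookup` are hypothetical names, the escaping is deliberately simplified, and `sqlite3` stands in for a driver that keeps statement and values separate.

```python
import sqlite3


def _quote_str(value):
    # Simplified escaping (assumption): a real driver must also honour the
    # connection character set and SQL mode when building the literal.
    escaped = value.replace("\\", "\\\\").replace("'", "\\'")
    return "'" + escaped + "'"


# Hypothetical per-type encoder table, playing the role of self.encoders.
ENCODERS = {int: str, str: _quote_str, type(None): lambda v: "NULL"}


def client_side_render(query, args):
    """Encode every argument as a SQL literal, then %-format it into the text.

    The database only ever sees the resulting single string, so correctness
    rests entirely on each encoder producing a safe literal.
    """
    literals = []
    for a in args:
        encoder = ENCODERS.get(type(a))
        if encoder is None:
            raise TypeError("no encoder for %s" % type(a).__name__)
        literals.append(encoder(a))
    # A bare % elsewhere in the query (e.g. LIKE 'A%') breaks this step.
    return query % tuple(literals)


def server_side_lookup(name):
    """Bound parameters: the statement is sent unchanged, values go separately."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", (1, name))
    row = conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchone()
    conn.close()
    return row[0]


if __name__ == "__main__":
    sample = "O'Brien"  # constructed sample value
    print(client_side_render("SELECT id FROM users WHERE name = %s", (sample,)))
    print(server_side_lookup(sample))
```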