James Bennett wrote:
> On 7/11/07, Marty Alchin <[EMAIL PROTECTED]> wrote:
>> This sounds like a strange way to ask if Django is using prepared
>> statements[1] or their equivalents, rather than simply supplying
>> values directly within the SQL statement itself. To my knowledge,
>> Django doesn't support them, and I haven't heard anything about
>> existing code being intended to support them.
> 
> No, the question here is whether Django is calling cursor.execute()
> with an empty params list or with a non-empty params list (the answer
> is: the latter, in most cases). Prepared statements are something else
> entirely, and should not be confused with APIs which allow
> specification of placeholders to be filled in at execution time (e.g.,
> doing "cursor.execute('SELECT %s from %s', ['foo', 'bar'])" will
> execute only a SELECT, not a PREPARE followed by a SELECT).

Technically, that shouldn't work (but it will in MySQLdb, because of that line 
167 flaw in the module).

In your example, foo and bar are identifiers (field, table), not values. 
Parameters are for values.

But you have the right idea.

Carl K
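
The distinction drawn in this message, between bound values and identifiers, shown as an added example that is not part of the original thread. It uses Python's standard-library sqlite3 driver with `?` placeholders instead of MySQLdb's `%s`; the schema, the `ALLOWED` allowlist and the helper names are assumptions made for the illustration.

```python
import sqlite3

# Constructed schema and allowlist for the demonstration (assumptions).
ALLOWED = {"users": {"id", "name", "email"}}


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "a@example.com"), (2, "bob", "b@example.com")])
    return db


def bound_column(db):
    # A bound parameter is always a value: this selects the string 'name'
    # for the matching row, not the contents of the name column.
    return db.execute("SELECT ? FROM users WHERE id = ?", ("name", 1)).fetchall()


def bound_table(db):
    # A placeholder in identifier position is rejected by the SQL parser.
    try:
        db.execute("SELECT name FROM ?", ("users",))
    except sqlite3.OperationalError as exc:
        return "rejected: %s" % exc
    return "accepted"


def quote_ident(name):
    # Standard SQL identifier quoting: wrap in double quotes, double embedded quotes.
    return '"' + name.replace('"', '""') + '"'


def select_column(db, table, column, row_id):
    # Identifiers are checked against the allowlist and quoted; only the value is bound.
    if column not in ALLOWED.get(table, ()):
        raise ValueError("identifier not allowed: %s.%s" % (table, column))
    sql = "SELECT %s FROM %s WHERE id = ?" % (quote_ident(column), quote_ident(table))
    return db.execute(sql, (row_id,)).fetchall()
```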

