Python has an interface like this :
params = { 'mystrfield': 'hello', 'myintfield': 5 }cursor.execute( "SELECT myfield FROM mytable WHERE mystrfield=%(foo)s AND myintfield=%(bar)d;" , params )
It has the following advantages :
- separation of sql from data
- named parameters
- no problem with order
- one parameter can be reused several times
- automatic escaping of strings
- automatic enforcement of int, float etc types with %d and %f (throws an exception otherwise)
The only problem so far with Python's dbapi is that it does not understand arrays so they have to be stringified first.
---------------------------(end of broadcast)--------------------------- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
