On Sun, 27 Apr 2008 11:55:18 -0400 Joe <[EMAIL PROTECTED]> wrote: > Ivan Sergio Borgonovo wrote: > > It'd be nice to have a wrapper that let you write prepared > > statements this way: > > > > "select a.id, b.name from a join b on a.id=b.id where > > a.status=$variable1 and b.id>$variable2 etc... but that's a pretty > > good change to any language parser.
> Python already supports something like that. See PEP 249 > (http://www.python.org/dev/peps/pep-0249/), under Module Interface, > the description of the paramstyle parameter. Psycopg2 supports both > the "format" (C printf) and "pyformat" styles. See the last section > on this page for an example using the pyformat style: > http://www.devx.com/opensource/Article/29071/0/page/3. That's better than nothing but it is still a lot of code duplication. You've to write column names in the sql statement and in the array and... column values are not contextual to the statement. That's easy... while what I wrote above does look as requiring a really special parser. Furthermore from the example it looks as if all this is going to miss the scope to prevent sql injection since it doesn't support prepared statements. -- Ivan Sergio Borgonovo http://www.webthatworks.it -- Sent via pgsql-sql mailing list (pgsql-sql@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-sql
