Am 18.08.2016 um 18:58 schrieb D'Arcy J.M. Cain:
> OK so perhaps the action item is to add paramstyle to pg and allow it
> to be changed to pyformat which would simply redirect query to
> query_formatted. What format would you call our current default?
I would call it "native PostgreSQL style".
Maybe some more explanations are helpful:
query() is the low-level method that maps directly to the C function,
using PostgreSQL native parameter style. Parameters are actually passed
as parameters to the C function and are not interpolated by Python.
query_formatted() has two modes depending on whether you set inline=True
or False.
The default mode inline=False converts Python parameter style to
PostgreSQL native style, i.e. sends the parameters separately to the C
function. The other mode also uses Python parameter style, but
interpolates the parameters in Python and sends an SQL command with
parameters already interpolated (exactly how pgdb does it).
Passing the parameters separately as in the default mode has the
advantage that Postgres can use the query planner cache when you are
running the same command many times with different parameters. Otherwise
Postgres thinks these are all different commands and will need to run
the query planner for every command. Sending parameters separately might
be also a bit safer regarding SQL injection, i.e. you don't need to rely
on that the interpolation has no security flaws.
-- Christoph
_______________________________________________
PyGreSQL mailing list
[email protected]
https://mail.vex.net/mailman/listinfo.cgi/pygresql
