On Thu, Jan 03, 2019 at 10:10:19PM +0100, Christoph Zwerschke wrote:
> On 03.01.2019 at 21:58, Justin Pryzby wrote:
> > On Thu, Jan 03, 2019 at 09:49:24PM +0100, Christoph Zwerschke wrote:
> >> db.prepare('insert-tweet', "INSERT INTO tweets VALUES($1, $2, $3)")
> >
> > My first thought is to ask why not use %s parameters ?
>
> Because the $1 form is also the syntax for parameters used by the classic
> module in the query() method. It's very simple and natural because it's the
> same as you create the prepared statement in plain SQL.

Of course - that just means that pygres isn't doing anything with that string.
For us (we use only a wrapper around query_formatted), it means that prepared
statements would be the only thing using $1.

> Only the special query_formatted() method uses %s parameters.

I know it's newer, but I don't see it as "special", just higher-level and more
featureful.

Going back 2-3 years, I chose to implement database quoting/sanitation using
the (brand new) query_formatted specifically because it used %s, same as
dbapi2. At the time, I envisioned a transition from 1) pygres pg.py with
unquoted params to 2) pygres query_formatted %s params to 3) pgdb to psycopg -
the motivation being to use cursors. For the moment I'm not planning on
changing anything beyond implementing prepared statements.

Thanks for considering - we'll be using whatever you implement. Using %s or $1
is a pretty thin change, and I think we'll only use prepare queries in two
places, and not

-- 
Justin Pryzby
System Administrator
Telsasoft
+1-952-707-8581
_______________________________________________
PyGreSQL mailing list
PyGreSQL@Vex.Net
https://mail.vex.net/mailman/listinfo/pygresql
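
Added example, not part of the original thread and not PyGreSQL code: a sketch of how thin the %s-versus-$1 difference discussed above is, rewriting format-style placeholders into the $n form shown in the quoted db.prepare() call while keeping values out of the SQL text. The helper names percent_to_dollar and bind are hypothetical, and the rewrite assumes Python %-format rules (%% is a literal percent) without parsing SQL.

```python
import re

# Python %-format tokens as used by the "format" paramstyle:
# "%%" is a literal percent, "%s" is a placeholder, any other "%" is an error.
PERCENT_TOKEN = re.compile(r"%(.?)", re.DOTALL)
DOLLAR_PARAM = re.compile(r"\$\d+")


def percent_to_dollar(sql):
    """Rewrite %s placeholders as $1, $2, ... and return (sql, count)."""
    if DOLLAR_PARAM.search(sql):
        # Refuse to mix styles: renumbering around existing $n is ambiguous.
        raise ValueError("statement already contains $n placeholders")
    count = 0

    def repl(match):
        nonlocal count
        flag = match.group(1)
        if flag == "%":
            return "%"
        if flag == "s":
            count += 1
            return "$%d" % count
        raise ValueError("unsupported format token %r" % match.group(0))

    return PERCENT_TOKEN.sub(repl, sql), count


def bind(sql, params):
    """Return (dollar_sql, params); values are never spliced into the SQL."""
    dollar_sql, count = percent_to_dollar(sql)
    if count != len(params):
        raise ValueError("expected %d parameters, got %d" % (count, len(params)))
    return dollar_sql, tuple(params)


if __name__ == "__main__":
    # Constructed sample statement and values, including a hostile string.
    sql, args = bind("INSERT INTO tweets VALUES(%s, %s, %s)",
                     (1, "alice", "100% '); DROP TABLE tweets; --"))
    print(sql)
    print(args)
```

The rewritten string is what would be handed to a prepare call such as the one quoted in the thread; the parameter tuple travels separately at execution time.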