On Thu, Jan 03, 2019 at 10:10:19PM +0100, Christoph Zwerschke wrote:
> On 03.01.2019 at 21:58, Justin Pryzby wrote:
> > On Thu, Jan 03, 2019 at 09:49:24PM +0100, Christoph Zwerschke wrote:
> >> db.prepare('insert-tweet', "INSERT INTO tweets VALUES($1, $2, $3)")
> >
> > My first thought is to ask why not use %s parameters ?
> 
> Because the $1 form is also the syntax for parameters used by the classic
> module in the query() method. It's very simple and natural because it's the
> same as you create the prepared statement in plain SQL.

Of course - that just means that pygres isn't doing anything with that string.

For us (we use only a wrapper around query_formatted), it means that prepared
statements would be the only thing using $1.

> Only the special query_formatted() method uses %s parameters.

I know it's newer, but I don't see it as "special", just higher-level and more
featureful.  Going back 2-3 years, I chose to implement database
quoting/sanitation using the (brand new) query_formatted specifically because
it used %s, same as dbapi2.  At the time, I envisioned a transition from 1)
pygres pg.py with unquoted params to 2) pygres query_formatted %s params to 3)
pgdb to psycopg - the motivation being to use cursors.  For the moment I'm not
planning on changing anything beyond implementing prepared statements.

Thanks for considering - we'll be using whatever you implement.  Using %s or $1
is a pretty thin change, and I think we'll only use prepare queries in two
places, and not 

-- 
Justin Pryzby
System Administrator
Telsasoft
+1-952-707-8581
_______________________________________________
PyGreSQL mailing list
PyGreSQL@Vex.Net
https://mail.vex.net/mailman/listinfo/pygresql
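
Added example, not part of the original message and not PyGreSQL's own code: the "thin change" between %s and $1 placeholders discussed in the thread, written as a small translator that rewrites DB-API style %s markers to $1, $2, ... while the values stay outside the SQL text. The names percent_to_dollar and bind, and the sample row, are hypothetical.

```python
import re

# Matches every '%' plus the character after it (if any), so each one can be
# classified: '%s' is a placeholder, '%%' an escaped percent, the rest errors.
_PERCENT = re.compile(r"%(.?)", re.DOTALL)


def percent_to_dollar(sql):
    """Rewrite DB-API style '%s' placeholders as PostgreSQL '$1', '$2', ...

    Returns (rewritten_sql, placeholder_count). Only positional '%s' and the
    '%%' escape are accepted, applied uniformly across the whole string, the
    same way Python's % operator treats a format string.
    """
    count = 0

    def replace(match):
        nonlocal count
        follower = match.group(1)
        if follower == "s":
            count += 1
            return "$%d" % count
        if follower == "%":
            return "%"
        raise ValueError("unsupported format sequence %r at offset %d"
                         % (match.group(0), match.start()))

    return _PERCENT.sub(replace, sql), count


def bind(sql, params):
    """Return (sql_with_dollar_params, params_tuple) for a $n-style API.

    Values are never merged into the SQL text; a placeholder/value count
    mismatch is rejected before anything would reach the server.
    """
    rewritten, count = percent_to_dollar(sql)
    params = tuple(params)
    if count != len(params):
        raise ValueError("query has %d placeholders but %d values were given"
                         % (count, len(params)))
    return rewritten, params


# Constructed sample: the statement from the thread, written with %s.
SAMPLE_SQL = "INSERT INTO tweets VALUES(%s, %s, %s)"
SAMPLE_ROW = (1, "alice", "it's 100% fine")

if __name__ == "__main__":
    print(bind(SAMPLE_SQL, SAMPLE_ROW))
```

The rewritten statement is what a $n-style prepare call would receive, and the tuple is what would be passed when running it.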
