In message <[EMAIL PROTECTED]>, Steve Holden wrote:

> Lawrence D'Oliveiro wrote:
>>
>> In message <[EMAIL PROTECTED]>, Steve
>> Holden wrote:
>>
>>> When you use the DB API correctly and parameterise your queries you still
>>> need to quote wildcards in search arguments, but you absolutely
>>> shouldn't quote the other SQL specials.
>>>
>>> That's what parameterised queries are for in the first place...
>>
>> So you're suggesting I quote the wildcards, then rely on autoquoted
>> parameters to handle the rest? Unfortunately, that's stupid mistake
>> number 2.
>
> Ah, so your quoting function will deduce the context in which arguments
> intended for parameter substitution in the query will be used? Or are
> you suggesting that it's unwise to rely on autoquoted parameters?

No, I'm saying it's _incorrect_ to use the existing autoquoting mechanism in combination with a separate function that escapes the wildcards. I previously described the two stupid mistakes that can arise from having a separate function for doing just the wildcard quoting: this is the second one.

> That could have a serious impact on the efficiency of some repeated
> queries.

Correctness comes before efficiency. There's no point doing it quickly if you're doing it wrong.
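
The two layers debated in this thread (escaping LIKE wildcards in the search term, and letting the driver bind the parameter), shown as an added example that is not code from either poster. It assumes Python's `sqlite3` module and an explicit `ESCAPE '\'` clause; the table, the sample rows and the function names are constructed for illustration.

```python
import sqlite3

ESC = "\\"  # escape character named in the ESCAPE clause below (assumption)

def escape_like(term, esc=ESC):
    """Make every LIKE metacharacter in `term` match literally."""
    # The escape character itself must be doubled first, or the
    # escapes added for % and _ would be escaped a second time.
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def search(conn, term):
    """Substring search: wildcards escaped here, quoting left to binding."""
    pattern = "%" + escape_like(term) + "%"
    rows = conn.execute(
        "SELECT name FROM items WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (pattern,))
    return [r[0] for r in rows]

def naive_search(conn, term):
    """Same query without wildcard escaping, for comparison."""
    rows = conn.execute(
        "SELECT name FROM items WHERE name LIKE ? ORDER BY name",
        ("%" + term + "%",))
    return [r[0] for r in rows]

def make_demo_db():
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?)", [
        ("100% wool",), ("100 percent cotton",),
        ("it's 50_50",), ("50x50",), ("back\\slash",)])
    return conn

if __name__ == "__main__":
    db = make_demo_db()
    for term in ("100%", "50_50", "it's", "back\\slash"):
        print(repr(term), search(db, term), naive_search(db, term))
```

How the escape character is treated differs between database backends, which is why the `ESCAPE` clause is spelled out here rather than left to a default.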