On 25Jun2010 15:54, I wrote:
| The number of times I've had to
| fix/remove insert-values-into-SQL-text code ...

My point here is that with insert-escaped-values-into-sql-text, you only need to forget to do it once (or do it wrong). By using a parameterised form like that required by SQLAlchemy, the library does it and never forgets.

I would also point out that if you use a library to _construct_ the SQL statements themselves, e.g. via SQLA's .select() methods etc., then you will never introduce a syntax error into the SQL either. I expect I could construct SQL syntax errors that cause havoc when inserted with correctly escaped parameter values if I tried, probably using quotes in the SQL typo part.

Cheers,
-- 
Cameron Simpson <c...@zip.com.au> DoD#743
http://www.cskk.ezoshosting.com/cs/

George, discussing a patent and prior art:
"Look, this publication has a date, the patent has a priority date, can't you just compare them?"
Paul Sutcliffe: "Not unless you're a lawyer."
-- 
http://mail.python.org/mailman/listinfo/python-list
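The contrast the post draws, as an added example that is not part of the original message or of SQLAlchemy: the same lookup written once by pasting the value into the SQL text and once with the driver's parameter binding. It uses only the standard-library sqlite3 module (the same `?` placeholder mechanism SQLAlchemy ends up using underneath) and a constructed in-memory `users` table; the function names and sample rows are assumptions made for the example. A name containing a quote is enough to show the difference: the interpolated form hands the quote to the SQL parser and fails, while the bound form treats the whole value as data.

```python
import sqlite3


def make_db():
    # Constructed sample data for the example; not from the original post.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("O'Brien", "user"), ("bob", "user")],
    )
    conn.commit()
    return conn


def find_by_name_interpolated(conn, name):
    # The pattern the post warns about: the value becomes part of the SQL text,
    # so any quote (or SQL syntax) inside it is parsed as SQL.
    sql = "SELECT id, name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def find_by_name_parameterised(conn, name):
    # The value is bound by the driver and never goes through the SQL parser,
    # so there is nothing to forget to escape.
    sql = "SELECT id, name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    conn = make_db()
    results = {}

    # A perfectly ordinary name with an apostrophe in it.
    results["param_quote"] = find_by_name_parameterised(conn, "O'Brien")
    try:
        results["interp_quote"] = find_by_name_interpolated(conn, "O'Brien")
    except sqlite3.OperationalError as exc:
        # The interpolated query is now malformed SQL: 'O'Brien'
        results["interp_quote"] = "OperationalError: %s" % exc

    # A value that looks like SQL is still just a string under binding:
    # no user has this literal name, so no rows come back.
    results["param_keyword"] = find_by_name_parameterised(conn, "alice OR role = 'admin'")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Running it prints the matched row for the bound query, the syntax error for the interpolated one, and an empty result for the SQL-looking value. Using a statement builder such as SQLAlchemy's `select()` on top of this removes the remaining way to get the SQL text itself wrong, which is the post's second point.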