As noted here (http://web2py.com/book/default/chapter/06#executesql), 
selects executed via executesql are not parsed or transformed by the DAL, so 
instead of getting a DAL Rows object, you get whatever is returned by the DB 
driver (i.e., list of tuples, though there's an option to convert to a list 
of dictionaries). I'm guessing that could cause some headaches, depending on 
what you're doing. (Side note: when selecting a large number of records, it 
should actually be faster because it will be skipping the DAL parsing.)

Anthony

On Saturday, October 8, 2011 7:20:21 AM UTC-4, leftcase wrote:
>
> Call me weird, but I'm finding it a little hard to get my head around
> putting together select statements using the DAL. I think I must just
> be having a stupid couple of weeks!
>
> I understand that using the DAL & SQLFORM etc for inserts will help
> protect me against SQL Injection so I'm happy to keep on doing that,
> but is there any particular reason I shouldn't just use db.executesql
> to perform my selects (because I find it easier)?
>
> I also understand that raw SQL queries are database specific but I
> don't mind, as I don't intend to move databases.
>
> Chris
>
>
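
An added example, not part of the thread: it uses Python's standard sqlite3 module as a stand-in for the driver underneath executesql, to show the tuple rows a raw select returns, the conversion to dictionaries, and why the value belongs in a bound parameter when selects are written by hand. The table and the function names are hypothetical; in web2py itself, db.executesql takes the corresponding placeholders and as_dict arguments.

```python
import sqlite3


def make_db():
    # Constructed sample data, held in memory only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO person (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def select_concat(conn, name):
    # Raw SQL assembled by string formatting: the input becomes part of the
    # statement text, so a quote in `name` changes the WHERE clause.
    sql = "SELECT id, name, role FROM person WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def select_bound(conn, name, as_dict=False):
    # Same select with a bound parameter: the driver passes `name` as data.
    cur = conn.execute("SELECT id, name, role FROM person WHERE name = ?", (name,))
    rows = cur.fetchall()  # what the driver hands back: a list of tuples
    if as_dict:
        # Column names come from the cursor, not from any model definition.
        cols = [d[0] for d in cur.description]
        rows = [dict(zip(cols, r)) for r in rows]
    return rows


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing a quote
    print("bound, tuples:", select_bound(db, "bob"))
    print("bound, dicts: ", select_bound(db, "bob", as_dict=True))
    print("concat, hostile input:", select_concat(db, hostile))
    print("bound, hostile input: ", select_bound(db, hostile))
```
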
