[DB-SIG] API suggestion: expose 'quote' method
Chris Cogdon
chris at cogdon.org
Mon Jun 2 21:31:29 EDT 2003
I'd like to make the following proposal for the next revision of the
API specfication:
New method to 'database' object: quote.
It has exactly the same parameter parsing semantics as the 'execute'
method, but instead of sending the statement to the DBMS, it simply
returns the string after the parameters have been quoted.
In effect, assuming the following:
cur = db.cursor ()
the following two statements would be equivalent:
cur.execute ( "some sql statement", parameters )
cur.execute ( db.quote ( "some sql statement", parameters ) )
Reasoning:
- There are many instances where you want to 'build up' the SQL
statement in pieces. For example, I have an application where I create
one object representing the interface to the database. To search for
records of a particular class, you create a 'criteria' object, and pass
that to the method of the database object. The criteria object is
responsibile for building the SQL 'WHERE" clause necessary to find the
required objects. The database method is responsible for building the
tables necessary for the where to function correctly.
This would be VERY hard if I had to organise the SQL, and the list of
parameters independantly before finally passing it to the 'execute'
method which binds the two together.
- Some API's make their quoting functions available (pg has 'quote',
pyPgSQL has '_quote'), but some do not (eg PoPy and psycopg) mostly
because they're written in C, and requires explicit efforts to expose
functions (as it should be, but it's inconvienient in this case).
- It would be best to have it as a method of a database object, even
though typical implementation would not require knowing anything about
the connection. This way, I can write code that is 'database agnostic',
but ensure that the right version of 'quote' is called when required.
So... any support for this change? Any comments?
--
("`-/")_.-'"``-._ Chris Cogdon <chris at cogdon.org>
. . `; -._ )-;-,_`)
(v_,)' _ )`-.\ ``-'
_.- _..-_/ / ((.'
((,.-' ((,/ fL
More information about the DB-SIG
mailing list