[DB-SIG] API suggestion: expose 'quote' method

M.-A. Lemburg mal at lemburg.com
Tue Jun 3 10:23:43 EDT 2003

Chris Cogdon wrote:
> I'd like to make the following proposal for the next revision of the API 
> specfication:
> New method to 'database' object: quote.
> It has exactly the same parameter parsing semantics as the 'execute' 
> method, but instead of sending the statement to the DBMS, it simply 
> returns the string after the parameters have been quoted.
> In effect, assuming the following:
> cur = db.cursor ()
> the following two statements would be equivalent:
> cur.execute ( "some sql statement", parameters )
> cur.execute ( db.quote ( "some sql statement", parameters ) )
> Reasoning:
> - There are many instances where you want to 'build up' the SQL 
> statement in pieces. For example, I have an application where I create 
> one object representing the interface to the database. To search for 
> records of a particular class, you create a 'criteria' object, and pass 
> that to the method of the database object. The criteria object is 
> responsibile for building the SQL 'WHERE" clause necessary to find the 
> required objects. The database method is responsible for building the 
> tables necessary for the where to function correctly.
> This would be VERY hard if I had to organise the SQL, and the list of 
> parameters independantly before finally passing it to the 'execute' 
> method which binds the two together.

I don't buy that. By "quoting" you actually mean "binding" and you
thus lose all the benefits of having the SQL separated from the

The good thing about binding parameters is that the user
does *not* have to worry about quoting (plus it usually buys
a performance gain for next to nothing).

Of course, if some APIs think it's worth exposing such a quote
function, they are free to do so. It shouldn't be required, though.

Marc-Andre Lemburg

Professional Python Software directly from the Source  (#1, Jun 03 2003)
 >>> Python/Zope Products & Consulting ...         http://www.egenix.com/
 >>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
EuroPython 2003, Charleroi, Belgium:                        21 days left

More information about the DB-SIG mailing list