[DB-SIG] API suggestion: expose 'quote' method

Chris Cogdon chris at cogdon.org
Tue Jun 3 13:10:10 EDT 2003

On Tuesday, Jun 3, 2003, at 11:56 US/Pacific, Kevin Jacobs wrote:

> On Tue, 3 Jun 2003, Chris Cogdon wrote:
>>> Implementing generic quoting properly often requires that a fair amount
>>> of type-metadata is available.  It is more the job of an
>>> object/relational mapper than a low-level DB-API driver, although a
>>> DB-API driver can do it with some help from the backend.  Please do not
>>> be misled by some of the simplistic (and wrong) implementations that
>>> you may find lying around.
>> The API is responsible for knowing the requirements of the DBMS. That's
>> what it's *FOR* :)
> Yes, and it works when binding because there is enough context to map each
> parameter to a particular SQL type.  Generic quoting without that context is
> simply not possible without significant infrastructure or meta-data.  It is
> a great deal harder than exposing an internal method that already exists
> within a driver.

I believe my suggestion was to expose the quoting mechanism in a way 
that EXACTLY REPLICATES the mechanism inside the API. Reiterating my 
first email on the subject, the following two examples would be 

cur.execute ( "some SQL statement", parameters )
cur.execute ( db.quote ( "some SQL statement", parameters ) )

In the first example, the SQL and the parameters are passed to execute, 
in the second, only the string, but the SQL statement and parameters 
are passed to the API's 'quote' method in **exactly the same way** as 
it's passed to 'execute' in the first example.

I don't see the problem here.

> I still suggest that you try writing a generic quoting library for your
> application.  At minimum you'll find out first hand how tricky it is.  At
> best, you'll end up with a nice tool that can then be shared with others.

I can just lift them from the native-Python PostgreSQL libraries, for 
example, which is what I'm doing now.

Unfortunately, the C-native versions don't expose the quoting method, 
meaning that my 'piecemeal SQL' application has to either do a lot of 
work getting separated SQL and parameters to the 'execute' method, or 
write my own quoter. The former is a lot of work, the latter is 
'error-prone', especially if I want to change APIs or even DBMSes. This 
is why I'm suggesting making it part of the next specification revision.

    ("`-/")_.-'"``-._        Chris Cogdon <chris at cogdon.org>
     . . `; -._    )-;-,_`)
    (v_,)'  _  )`-.\  ``-'
   _.- _..-_/ / ((.'
((,.-'   ((,/   fL
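
Added example (not part of the original message, and not code from any DB-API driver): one way a 'piecemeal SQL' application can keep SQL text and parameters separate all the way to `execute`, the first of the two options the message weighs, so no quoter is needed. It assumes the standard-library `sqlite3` module and its `?` placeholders; `Fragment`, `build_query`, `run`, `demo` and the `people` table are hypothetical names, and the rows are constructed sample data.

```python
import sqlite3


class Fragment:
    """A piece of SQL text plus the values its '?' placeholders need."""

    def __init__(self, sql, params=()):
        # Assumes fragments are programmer-written and contain no literal '?'.
        if sql.count("?") != len(params):
            raise ValueError("placeholder/parameter count mismatch")
        self.sql, self.params = sql, tuple(params)

    def __add__(self, other):
        # Joining fragments joins their parameter lists in the same order.
        return Fragment(self.sql + " " + other.sql, self.params + other.params)


def build_query(name=None, min_age=None):
    """Assemble a WHERE clause piecemeal; values never enter the SQL text."""
    query = Fragment("SELECT name, age FROM people")
    conditions = []
    if name is not None:
        conditions.append(Fragment("name = ?", [name]))
    if min_age is not None:
        conditions.append(Fragment("age >= ?", [min_age]))
    if conditions:
        where = conditions[0]
        for cond in conditions[1:]:
            where = where + Fragment("AND") + cond
        query = query + Fragment("WHERE") + where
    return query + Fragment("ORDER BY name")


def run(conn, fragment):
    """Hand the driver the SQL and the parameters separately, as execute expects."""
    return conn.execute(fragment.sql, fragment.params).fetchall()


def demo():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT, age INTEGER)")
    conn.executemany("INSERT INTO people VALUES (?, ?)",
                     [("O'Brien", 41), ("Smith", 29), ("Jones", 35)])
    return conn
```

Other drivers use a different placeholder style (the module's `paramstyle` attribute), so the literal `?` in the fragments is specific to this sketch.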
