[DB-SIG] paramstyles (mysql string length?)
Ian Bicking
ianb at colorstudy.com
Thu Apr 20 23:29:37 CEST 2006
Paul DuBois wrote:
> On 4/20/06 13:08, "Dieter Maurer" <dieter at handshake.de> wrote:
>
>
>>M.-A. Lemburg wrote at 2006-4-19 20:36 +0200:
>>
>>>...
>>>Actually, I don't think that parsing SQL is really necessary
>>>at all: in all the years I've used qmark style, I've never come
>>>across a situation where a SQL literal would include a question
>>>mark.
>>
>>I do not think this is a good idea. '?' are perfectly legal
>>in string literals and there they conventionally
>>do *NOT* mean "insert a parameter".
>
>
> Umm ... thing is, the ? placeholder markers in a SQL string _don't_ occur
> within string literals. That is, when you construct a SQL statement
> containing placeholder markers, you don't write the placeholders within
> quote marks. The parameter substitution mechanism adds quotes as necessary
> when it substitutes a data value for a placeholder.
He's referring to something like this:
def get_androgenous_users(state):
execute("SELECT * FROM users WHERE state = ? and gender = '?',
(state,))
...
--
Ian Bicking / ianb at colorstudy.com / http://blog.ianbicking.org
More information about the DB-SIG
mailing list