[DB-SIG] paramstyles (mysql string length?)

Paul DuBois paul at snake.net
Thu Apr 20 23:27:49 CEST 2006

On 4/20/06 13:08, "Dieter Maurer" <dieter at handshake.de> wrote:

> M.-A. Lemburg wrote at 2006-4-19 20:36 +0200:
>> ...
>> Actually, I don't think that parsing SQL is really necessary
>> at all: in all the years I've used qmark style, I've never come
>> across a situation where a SQL literal would include a question
>> mark.
> I do not think this is a good idea. '?' are perfectly legal
> in string literals and there they conventionally
> do *NOT* mean "insert a parameter".

Umm ... thing is, the ? placeholder markers in a SQL string _don't_ occur
within string literals.  That is, when you construct a SQL statement
containing placeholder markers, you don't write the placeholders within
quote marks.  The parameter substitution mechanism adds quotes as necessary
when it substitutes a data value for a placeholder.

If this were not true, then binding NULL to a placeholder would not be
possible.  If you wrote '?' rather than ?, NULL would incorrectly become
'NULL' and thus would itself become a literal string in the statement.

>> In reality, it all boils down to doing a simple search for
>> '?' in the string - after all, you usually pass strings in via
>> bound parameters.
> Zope, at least, would be unhappy, as it does not (yet) support
> bound parameters.

More information about the DB-SIG mailing list