[DB-SIG] paramstyles (mysql string length?)
paul at snake.net
Thu Apr 20 23:27:49 CEST 2006
On 4/20/06 13:08, "Dieter Maurer" <dieter at handshake.de> wrote:
> M.-A. Lemburg wrote at 2006-4-19 20:36 +0200:
>> Actually, I don't think that parsing SQL is really necessary
>> at all: in all the years I've used qmark style, I've never come
>> across a situation where a SQL literal would include a question
> I do not think this is a good idea. '?' are perfectly legal
> in string literals and there they conventionally
> do *NOT* mean "insert a parameter".
Umm ... thing is, the ? placeholder markers in a SQL string _don't_ occur
within string literals. That is, when you construct a SQL statement
containing placeholder markers, you don't write the placeholders within
quote marks. The parameter substitution mechanism adds quotes as necessary
when it substitutes a data value for a placeholder.
If this were not true, then binding NULL to a placeholder would not be
possible. If you wrote '?' rather than ?, NULL would incorrectly become
'NULL' and thus would itself become a literal string in the statement.
>> In reality, it all boils down to doing a simple search for
>> '?' in the string - after all, you usually pass strings in via
>> bound parameters.
> Zope, at least, would be unhappy, as it does not (yet) support
> bound parameters.
More information about the DB-SIG