[DB-SIG] paramstyles (mysql string length?)

M.-A. Lemburg mal at egenix.com
Mon Apr 24 20:30:10 CEST 2006


Dieter Maurer wrote:
> M.-A. Lemburg wrote at 2006-4-19 20:36 +0200:
>> ...
>> Actually, I don't think that parsing SQL is really necessary
>> at all: in all the years I've used qmark style, I've never come
>> across a situation where a SQL literal would include a question
>> mark.
> 
> I do not think this is a good idea. '?' are perfectly legal
> in string literals and there they conventionally
> do *NOT* mean "insert a parameter".

Right, but if you use bound parameters, you rarely ever
have a need to use question marks in SQL literals.

>> In reality, it all boils down to doing a simple search for
>> '?' in the string - after all, you usually pass strings in via
>> bound parameters.
> 
> Zope, at least, would be unhappy, as it does not (yet) support
> bound parameters.

Would be a good incentive to change this :-)

Of course, scanning the SQL statement string for SQL literals
is safer, so this is what modules should do (at least if the
user passes in bound parameters to the .execute() method).

Does anyone know a good implementation of such a search&replace
mechanism ?

I tried coming up with something using re.sub() but it seems
this is beyond what you can do with re.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Apr 24 2006)
>>> Python/Zope Consulting and Support ...        http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________

::: Try mxODBC.Zope.DA for Windows,Linux,Solaris,FreeBSD for free ! ::::


More information about the DB-SIG mailing list