[DB-SIG] paramstyles (mysql string length?)

Ian Bicking ianb at colorstudy.com
Tue Apr 25 00:19:47 CEST 2006


Chris Clark wrote:
> In reference to finding question marks in SQL queries and ignoring 
> string literals
> 
> M.-A. Lemburg wrote:
>>Does anyone know a good implementation of such a search&replace
>>mechanism ?
>>  
> 
> I've not seen any existing code to deal with this BUT there are a couple 
> of places to check:
> 
>     * SnakeSQL <http://www.pythonweb.org/projects/snakesql/>
>     * gadfly <http://gadfly.sourceforge.net/>
> 
> 
> as they are pure Python database engines and so have some SQL parsing 
> code in them already that maybe usable.
> 
> But you can always cheat and iterate through the SQL string and just 
> count (incrementing and decrementing) single quotes.
> You need to remember to deal with the special case of embedded single 
> quotes (by keeping a mini back buffer) like this:
> 
>     'it''s Monty Python'

Postgres and MySQL allow 'it\'s Monty Python'.  Parsing SQL for every 
query seems like a bit of a performance problem, especially because the 
parsing itself can be different for different databases.


-- 
Ian Bicking  /  ianb at colorstudy.com  /  http://blog.ianbicking.org


More information about the DB-SIG mailing list