[DB-SIG] Proposed improvements to DBAPI 2.0 Cursor.execute() method.

Nicolas Grilly nicolas at garden-paris.com
Fri Aug 18 12:00:14 CEST 2006


On 8/17/06, Paul Moore <pf_moore at yahoo.co.uk> wrote:
> However, you assume that the "second stage", of adding variable
> bindings supplied in the cursor.execute call, is also a string
> formatting exercise (just with automatic escaping). This is most
> certainly not the case in Oracle - the query is sent to the DB engine
> as given, with variable placeholders intact, and the variable bindings
> are sent independently.

Paul,

I totally agree with you. What you've described about parameter
binding in Oracle is true for most databases too. To use parameter
binding is critical for performance (query plan caching) and security
(SQL injection).

> "Martin Blais" <blais at furius.ca> writes:
> > I want to propose a few improvements on the DBAPI 2.0 Cursor.execute()
> > method interface.  You can find the details of my proposed changes
> > here:
> > http://furius.ca/pubcode/pub/conf/common/lib/python/dbapiext.html

Martin,

I think your improvements are too specific to have a place in DB-API.
You can build a little layer above DB-API, with specific Connection
and Cursor classes implementing your desired behaviors. DB-API needs
to stay simple to foster development of drivers for every database.

Cheers,

Nicolas Grilly
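
Added example, not part of the original message: the difference between building the query by string formatting and sending bound parameters, shown with Python's standard sqlite3 DB-API driver as a stand-in for the Oracle case discussed above. The table, the sample rows, the helper function names and the input strings are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "a-secret"), ("bob", "b-secret")])
    return conn

def lookup_formatted(conn, name):
    """String formatting: the value becomes part of the SQL text itself."""
    sql = "SELECT secret FROM users WHERE name = '%s'" % name
    return sql, conn.execute(sql).fetchall()

def lookup_bound(conn, name):
    """Parameter binding: the SQL text keeps its placeholder and the value
    travels separately, so it is only ever treated as data."""
    sql = "SELECT secret FROM users WHERE name = ?"
    return sql, conn.execute(sql, (name,)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    hostile = "nobody' OR '1'='1"   # constructed input
    for name in ("alice", hostile, "O'Brien"):
        for lookup in (lookup_formatted, lookup_bound):
            try:
                sql, rows = lookup(conn, name)
                print(lookup.__name__, repr(sql), rows)
            except sqlite3.OperationalError as exc:
                print(lookup.__name__, "failed:", exc)
```

With binding, the statement text is identical for every value, which is what lets a database reuse a cached query plan; with formatting, each value produces a different statement, and a quote in the value changes or breaks the query.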

