[DB-SIG] In praise of pyformat
Paul Boddie
paul at boddie.org.uk
Sat Aug 11 18:14:16 CEST 2007
On Saturday 11 August 2007 10:25, Mike Meyer wrote:
>
> Well, InformixDB has a way that works. I can think of at least two
> other databases that it won't work for - or at least, will have
> surprising consequences for users. That's not the same thing as the
> paramstyle having a way.
Can you name those database systems? The DB-API should support parameters
without additional quoting. If, say, PostgreSQL doesn't support parameters
internally, the module should prevent the programmer from knowing about that.
[...]
> I do agree that the module authors ought to have to deal with this
> rather than the users. But letting each module author do it however
> they feel is best only helps users who are writing for a specific
> module; users trying to write code that's portable between modules
> and/or databases are better served by a specification that applies to
> all modules, even if it adds the burden of flagging significant
> characters as literal.
As you may have seen, I wrote some code which attempts to mark parts of
queries as literal and non-literal text:
http://www.python.org/pypi/sqlliterals
This should help module developers know whether a parameter marker is genuine
or not.
> If a new version of the PEP is going to require supporting a parameter
> style - which I believe is a good thing - it should be one that's at
> least as explicit as the most explicit of the current parameter
> styles. Which means the PEP needs to lay out the rules for when the
> parameters are recognized as such and when they aren't.
You previously asked the following question: "How do the other paramstyles
deal with wanting to get their significant character into the query?" The
answer is that at the application level you never have the problem of
getting, for example, a question mark into the query: it's either inside a
string literal, meaning that it's protected from any interpretation as a
parameter marker (1), or it's supplied as part of a value which is passed to
the database system in association with a parameter (2). Examples:
# (1)
cursor.execute("select name from addresses where status = '?' order by name")
# (2)
cursor.execute("select name from addresses where status = ? order by name",
("?",))
And where a question mark (or other parameter marker) appears outside a string
literal, it's unambiguously interpreted as a parameter marker since there
should be no other interpretation of that character outside literals. Of
course, choosing a character sequence which may plausibly be part of some
other syntactic feature would defeat such simple measures for knowing whether
that sequence was a parameter marker or not, but the question mark should be
a satisfactory choice according to the standard.
If one considers parameters as locations for string substitution, then I can
see how your question arises, but they are not mere substitutions, even if a
database module or system might use that mechanism to achieve the effect (due
to a lack of "proper" parameter support internally). The pyformat paramstyle
is confusing because it's used to achieve something that resembles the effect
of another mechanism - string substitution - but is actually somewhat
different (as the above explanation attempts to make clear). Meanwhile, some
of the other paramstyles are legitimate standards that can be seen in a
number of widespread technologies.
Paul
More information about the DB-SIG
mailing list