[DB-SIG] bound parameters
Carsten Haese
carsten at uniqsys.com
Tue Jan 2 23:32:31 CET 2007
On Tue, 2007-01-02 at 15:32 -0600, Carl Karsten wrote:
> print "#3", cur.execute("select count(*) as ncount from %(table)s",
> {'table':'logs'} ) !
Using bound parameters for object names virtually guarantees that your
code is not portable to other databases. The SQL standard allows
placeholders only where expressions are allowed. Databases like MySQL
don't enforce this because they rely on string interpolation to do the
"parameter passing", but a real database with a real parameter passing
API will yell at you:
>>> import informixdb
>>> conn = informixdb.connect("sysmaster")
>>> cur = conn.cursor()
>>> cur.execute("select * from ?", ("systables",) )
Traceback (most recent call last):
File "<stdin>", line 1, in ?
_informixdb.ProgrammingError: SQLCODE -201 in PREPARE:
42000: Syntax error or access violation
If you want true cross-database compatibility, you should use an
ORM/abstraction layer like SQLObject or SQLAlchemy which addresses
issues such as parameter styles, object naming, and even differences in
SQL dialects.
--
Carsten Haese | Phone: (419) 861-3331
Software Engineer | Direct Line: (419) 794-2531
Unique Systems, Inc. | FAX: (419) 893-2840
1687 Woodlands Drive | Cell: (419) 343-7045
Maumee, OH 43537 | Email: carsten at uniqsys.com
More information about the DB-SIG
mailing list