[DB-SIG] API 3.0 limiting paramstyle to ['named', 'qmark'] is okay. ('format' is not desirable)

Christoph Zwerschke cito at online.de
Fri May 17 18:17:58 CEST 2013

Am 17.05.2013 17:33, schrieb Daniele Varrazzo:> On Fri, May 17, 2013 at 
4:10 PM, Christoph Zwerschke <cito at online.de> wrote:
 >> Another option would be to get rid of the parameter completely, and 
 >> accept both styles, whatever is used in the sql command passed to the
 >> execute method.
 > This is impossible:
 > cur.execute("""Select 'Guess how many params this query has?? ? ? 
%s';""", args)

Hm, I forgot DBAPI does not care about SQL; it replaces parameters even 
inside SQL strings. So then, you're right, it can be ambiguous.

By the way, this is really unclear from the DBAPI 2 documentation:

The example in the dbapi 2 docs is "WHERE name=?" and "WHERE name=%s" 
which seems to indicate that the value is automatically put in quotes, 
particularly in view of footnote 5 which says "The client should not be 
required to "escape" the value so that it can be used — the value should 
be equal to the actual database value." In this example this means, the 
value would be a string without surrounding quotes. The example clause 
should then be "WHERE name='?'" and "WHERE name='%s'".

Maybe this should be changed in DBAPI 3? This would allow the driver to 
use prepared statements under the hood.

-- Chris

More information about the DB-SIG mailing list