[DB-SIG] API 3.0 limiting paramstyle to ['named', 'qmark'] is okay. ('format' is not desirable)
cito at online.de
Fri May 17 18:17:58 CEST 2013
Am 17.05.2013 17:33, schrieb Daniele Varrazzo:> On Fri, May 17, 2013 at
4:10 PM, Christoph Zwerschke <cito at online.de> wrote:
>> Another option would be to get rid of the parameter completely, and
>> accept both styles, whatever is used in the sql command passed to the
>> execute method.
> This is impossible:
> cur.execute("""Select 'Guess how many params this query has?? ? ?
Hm, I forgot DBAPI does not care about SQL; it replaces parameters even
inside SQL strings. So then, you're right, it can be ambiguous.
By the way, this is really unclear from the DBAPI 2 documentation:
The example in the dbapi 2 docs is "WHERE name=?" and "WHERE name=%s"
which seems to indicate that the value is automatically put in quotes,
particularly in view of footnote 5 which says "The client should not be
required to "escape" the value so that it can be used — the value should
be equal to the actual database value." In this example this means, the
value would be a string without surrounding quotes. The example clause
should then be "WHERE name='?'" and "WHERE name='%s'".
Maybe this should be changed in DBAPI 3? This would allow the driver to
use prepared statements under the hood.
More information about the DB-SIG