[DB-SIG] API 3.0 limiting paramstyle to ['named', 'qmark'] is okay. ('format' is not desirable)
daniele.varrazzo at gmail.com
Fri May 17 18:21:28 CEST 2013
On Fri, May 17, 2013 at 5:17 PM, Christoph Zwerschke <cito at online.de> wrote:
> Hm, I forgot DBAPI does not care about SQL; it replaces parameters even
> inside SQL strings. So then, you're right, it can be ambiguous.
> By the way, this is really unclear from the DBAPI 2 documentation:
> The example in the dbapi 2 docs is "WHERE name=?" and "WHERE name=%s" which
> seems to indicate that the value is automatically put in quotes,
> particularly in view of footnote 5 which says "The client should not be
> required to "escape" the value so that it can be used — the value should be
> equal to the actual database value." In this example this means, the value
> would be a string without surrounding quotes. The example clause should then
> be "WHERE name='?'" and "WHERE name='%s'".
Quite the contrary: the quotes should never appear in the query and
these examples are correct but...
> Maybe this should be changed in DBAPI 3? This would allow the driver to use
> prepared statements under the hood.
... I would limit this thread to the issue of the paramstyle and leave
everything wished for dbapi3 to a different thread.
More information about the DB-SIG