[Python-Dev] Re: [DB-SIG] API suggestion: expose 'quote' method
Stuart Bishop
zen@shangri-la.dropbear.id.au
Tue, 10 Jun 2003 18:46:18 +1000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=0D
On Thursday, June 5, 2003, at 07:40 PM, M.-A. Lemburg wrote:=0D
=0D
> Magnus Lyck=E5 wrote:=0D
>> At 17:18 2003-06-04 -0700, Chris Cogdon wrote:=0D
>>> So, perhaps what I really should be asking for is to include a =0D
>>> specification for an interface, such as what I've suggested before, =0D=
>>> but make that a OPTIONAL part of the specification. Ie, if it's easy =
=0D
>>> enough to expose, then the driver writers should expose it in the =0D=
>>> standard form.=0D
>>>=0D
>>> Does THAT sound reasonable ?=0D
>> Certainly. Many drivers implement things beyond the mandatory=0D
>> standard, and if it's possible to get the extras compatible=0D
>> across drivers, that's a big bonus in my opinion.=0D
>=0D
> No objection to adding a note to the spec about this. I still=0D
> think that you have to flesh out a reasonable API for this,=0D
> though, e.g. quoting should implemented on a per data type=0D
> basis rather than on a per SQL statement basis.=0D
=0D
Here is a starting point, stolen from Perl's DBI spec (which has=0D
had a fully functional quote method for almost a decade...)=0D
=0D
Translated into Python to avoid abuse ;)=0D
=0D
quote(value)=0D
=0D
Quote a value for use as a literal value in an SQL statement,=0D
by escaping any special characters (such as quotation marks) =0D
contained=0D
within the string and adding the required type of outer quotation =0D=
marks=0D
=0D
::=0D
=0D
>>> 'SELECT foo FROM bar WHERE baz =3D %s' % =
(con.quote("Don't"))=0D
"SELECT foo FROM bar WHERE baz =3D 'Don''t'"=0D
=0D
For most database types, quote would return ``'Dont''t'``=0D
(including the outer quotation marks).=0D
=0D
A value of ``None`` will be returned as the string ``NULL`` to=0D
match how NULLs are represented in SQL.=0D
=0D
Quote will probably *not* be able to deal with all possible input=0D=
(such as binary data or data containing newlines), and is not =0D
related in=0D
any way with escaping shell meta-characters. There is no need to =0D=
quote=0D
values being passed as bound parameters to the ``execute`` or=0D
``executemany`` methods.=0D
=0D
quoteidentifier(name)=0D
quoteidentifier(schema, table)=0D
quoteidentifier(catalog, schema, table)=0D
=0D
Quote an idenntifier (table name etc.) for use in an SQL statement,=0D=
by escaping any special characters (such as double quotation marks)=0D=
it contains and adding the required type of outer quotation marks.=0D=
=0D
Undefined names are ignored and the remainder are quoted and then=0D=
joined together, typically with a dot (``.``) character. For =0D
example::=0D
=0D
con.quoteidentifier(None, 'Her schema', 'My table')=0D
=0D
would, for most database types, return ``"Her schema"."My table"``=0D=
(including all the double quotation marks).=0D
=0D
If three names are supplied then the first is assumed to be a =0D
catalog=0D
name. For example, for Oracle::=0D
=0D
>>> con.quoteidentifier('link', 'schema', 'table')=0D
"schema"."table"@"link"=0D
=0D
- -- =0D
Stuart Bishop <zen@shangri-la.dropbear.id.au>=0D
http://shangri-la.dropbear.id.au/=0D
=0D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)
iD8DBQE+5Zrgh8iUz1x5geARAmi2AJ9DFepNqmCakqhErOXkzCANynzXqwCgniQ9
KA6ggg4WGHl8gxuvcMzVNFA=3D
=3DGMpq
-----END PGP SIGNATURE-----