DBAPI Paramstyle

Bob Parnes rparnes at megalink.net
Fri Mar 25 14:44:11 CET 2005


On Thu, 24 Mar 2005 15:03:13 +0100, Fredrik Lundh <fredrik at pythonware.com> \
wrote:
> Bob Parnes wrote:
> 
>> I must be missing something, so perhaps someone can explain
>> the benefit of a paramstyle over the usual Python formatting
>> style and maybe suggest a test to show it. Thanks.
> 
> set the parameter to "0; DROP DATABASE template1;" and see what
> happens.
> 
> or set it to os.urandom(1000) and run your test a couple of times to see
> what happens.
> 

Thanks for the suggestion. My system does not appear to contain an
os.urandom() method. It has a /dev/urandom device, but I don't know how to
use it for this purpose, except perhaps to select the first byte that it
produces.

I have a mediocre talent at programming, which is why I chose python.
For me it was a good choice. I note this so that I hope you understand why
I say that I don't know what you are driving at. My understanding is that a 
paramstyle is more efficient than the traditional python approach for repeated 
use of a query. If so, then I do not see how the choice of a parameter is
relevant. If it is more efficient only in a specific abstract case, then
one would have to look for other reasons to use it in a practical application.

Bob Parnes

-- 
Bob Parnes
rparnes at megalink.net



More information about the Python-list mailing list