problems with mysql db
Gabriel Genellina
gagsl-py2 at yahoo.com.ar
Tue Jun 30 04:11:41 EDT 2009
En Tue, 30 Jun 2009 03:33:52 -0300, Dennis Lee Bieber
<wlfraed at ix.netcom.com> escribió:
> On Mon, 29 Jun 2009 11:59:59 -0300, "Gabriel Genellina"
> <gagsl-py2 at yahoo.com.ar> declaimed the following in
> gmane.comp.python.general:
>
>> The fact that it's the same character used for formatting strings with
>> the
>> % operator is an unfortunate coincidence (or a very bad choice, I don't
>> know).
>>
> At the core -- if one looks at the Python source of the module and
> takes into account that, prior to MySQL 5.x, MySQL did not support
> "prepared statements", everything being sent as a full string query --
> MySQLdb actually uses string interpolation to fill in the fields...
> AFTER, of course, passing all the arguments through a function that
> "safes" them (escaping sensitive characters, converting numerics to
> string equivalent, etc., wrapping quotes about them).
Thanks for the historical reference. Even then, the code *could* have used
other markers, like ?, doing the appropiate substitutions before the final
string interpolation...
(but critisizing the original design after many years isn't fair!)
--
Gabriel Genellina
More information about the Python-list
mailing list