Why Is Escaping Data Considered So Magical?
Ian Kelly
ian.g.kelly at gmail.com
Sat Jun 26 02:33:16 EDT 2010
On Thu, Jun 24, 2010 at 9:38 PM, Lawrence D'Oliveiro
<ldo at geek-central.gen.new_zealand> wrote:
> In message <2010062422432660794-angrybaldguy at gmailcom>, Owen Jacobson wrote:
>
>> Why would I write this when SQLAlchemy, even without using its ORM
>> features, can do it for me?
>
> SQLAlchemy doesn’t seem very flexible. Looking at the code examples
> <http://www.sqlalchemy.org/docs/examples.html>, they’re very procedural:
> build object, then do a string of separate method calls to add data to it. I
> prefer the functional approach, as in my table-update example.
Your example from the first post of the thread rewritten using sqlalchemy:
conn.execute(
items.update()
.where(items.c.inventory_nr == modify_id)
.values(
dict(
(field[0], Params.getvalue("%s[%s]" % (field[1],
urllib.quote(modify_id))))
for field in [
(items.c.class_name, "modify_class"),
(items.c.make, "modify_make"),
(items.c.model, "modify_model"),
(items.c.details, "modify_details"),
(items.c.serial_nr, "modify_serial"),
(items.c.inventory_nr, "modify_invent"),
(items.c.when_purchased, "modify_when_purchased"),
... you get the idea ...
(items.c.location_name, "modify_location"),
(items.c.comment, "modify_comment"),
]
)
)
.values(last_modified = time.time())
)
Doesn't seem any less flexible to me, plus you don't have to worry
about calling your SQLString function at all.
Cheers,
Ian
More information about the Python-list
mailing list