[DB-SIG] New take on PostgreSQL bindings for Python

[Cristian Gafton]

On Thu, 7 Sep 2006, Andy Dustman wrote:

> Parameter binding for MySQLdb is in the works for 2.0, and I may
> actually have a co-developer to work on it. However, not all MySQL SQL
> statements can be used with the prepared statements API, or so says
> the documentation, which complicates things, so in some cases it is
> necessary to fall back to doing parameter substitution on the client
> side.

Yeah, that's a real bitch. Looks like in MySQL most of the DDL statements 
can not be sent to the server with bind parameters. That being said, some 
simple .startswith() tests on the Python side can sort out the DML 
statements - most exposed to SQL injection attacks and make those use bind 
params.

Cristian
-- 
Cristian Gafton
rPath, Inc.