DBAPI Paramstyle
Bob Parnes
rparnes at megalink.net
Fri Mar 25 08:44:11 EST 2005
On Thu, 24 Mar 2005 15:03:13 +0100, Fredrik Lundh <fredrik at pythonware.com> \
wrote:
> Bob Parnes wrote:
>
>> I must be missing something, so perhaps someone can explain
>> the benefit of a paramstyle over the usual Python formatting
>> style and maybe suggest a test to show it. Thanks.
>
> set the parameter to "0; DROP DATABASE template1;" and see what
> happens.
>
> or set it to os.urandom(1000) and run your test a couple of times to see
> what happens.
>
Thanks for the suggestion. My system does not appear to contain an
os.urandom() method. It has a /dev/urandom device, but I don't know how to
use it for this purpose, except perhaps to select the first byte that it
produces.
I have a mediocre talent at programming, which is why I chose python.
For me it was a good choice. I note this so that I hope you understand why
I say that I don't know what you are driving at. My understanding is that a
paramstyle is more efficient than the traditional python approach for repeated
use of a query. If so, then I do not see how the choice of a parameter is
relevant. If it is more efficient only in a specific abstract case, then
one would have to look for other reasons to use it in a practical application.
Bob Parnes
--
Bob Parnes
rparnes at megalink.net
More information about the Python-list
mailing list