lists in cx_Oracle
Andrew Dalke
dalke at dalkescientific.com
Tue May 3 00:15:51 EDT 2005
infidel wrote:
> I think perhaps you are asking for something that the OCI doesn't
> provide.
But it doesn't need to be supported by the OCI.
> And really, it all boils down to the list comprehension:
>
> in_clause = ', '.join([':id%d' % x for x in xrange(len(ids))])
And why can't the equivalent to that be supported in the
DB-API interface, so I can pass in a list/tuple and have
it just work?
> ... elegance is certainly subjective, and the above statement isn't the
> cleanest ever, but it solves your main problem while avoiding the other
> problem you mentiong (sql injection). Seems "elegant enough" to me.
The problem I mentioned is supporting inexperienced developers
(scientists writing software without local programming support)
who, in my experience, don't know about this pitfall and are
more likely to use a close but wrong solution than this correct
one. repr(ids) is after all much easier to write.
Andrew
dalke at dalkescientific.com
More information about the Python-list
mailing list