QuoteSQL
Steve Holden
steve at holdenweb.com
Mon Sep 25 08:45:29 EDT 2006
Lawrence D'Oliveiro wrote:
> In message <slrnehfah2.foq.sybrenUSE at schuimige.stuvel.eu>, Sybren Stuvel
> wrote:
>
>
>>Duncan Booth enlightened us with:
>>
>>>I think his point was that any '%' characters inside name act like
>>>wildcards whereas his version looked for literal percents.
>>
>>But of course.
>>
>>
>>>This could be an argument for having a utility function to escape
>>>the wildcards for this sort of situation, but certainly not an
>>>argument for his proposed QuoteSQL.
>>
>>Indeed. An escaping function should be small and not do all kinds of
>>escaping for different situations at once.
>
>
> Look at it this way: there is _no_ case where you need escaping of wildcards
> without also escaping other specials.
Yes, there is, so please lose the bombast.
When you use the DB API correctly and parameterise your queries you still
need to quote wildcards in search arguments, but you absolutely
shouldn't quote the other SQL specials.
That's what parameterised queries are for in the first place, and they
have a portability advantage among other reasons why you should use them
(another's potential efficiency).
regards
Steve
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://holdenweb.blogspot.com
Recent Ramblings http://del.icio.us/steve.holden
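The distinction Steve draws, as an added example that is not part of the thread: the search term is passed as a DB API parameter (so quotes and other specials need no handling), and only the LIKE wildcards are escaped. It uses sqlite3 with a constructed in-memory table; the helper names are mine.

```python
import sqlite3

# Character used with the LIKE ... ESCAPE clause; any single char works.
LIKE_ESCAPE = "\\"


def escape_like(term, esc=LIKE_ESCAPE):
    """Escape only the LIKE wildcards '%' and '_' (and the escape char
    itself) in a search term. Quotes and other SQL specials are left
    alone on purpose: the parameterised query handles those."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def make_db():
    """Constructed sample data for the demonstration (in-memory)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?)", [
        ("50% off coupon",),
        ("50 litre drum",),
        ("O'Reilly book",),
        ("user_name field",),
        ("user-name field",),
    ])
    return conn


def search(conn, term, escape_wildcards=True):
    """Substring search for term; returns matching names, sorted.

    With escape_wildcards=False the raw term is used, so '%' and '_'
    in user input act as wildcards instead of literals."""
    body = escape_like(term) if escape_wildcards else term
    pattern = "%" + body + "%"
    # Both the pattern and the escape character are bound parameters;
    # no string concatenation of user input into the SQL text.
    sql = "SELECT name FROM products WHERE name LIKE ? ESCAPE ?"
    rows = conn.execute(sql, (pattern, LIKE_ESCAPE)).fetchall()
    return sorted(r[0] for r in rows)
```

Searching for "50%" with escaping finds only the coupon; without it, the trailing '%' is a wildcard and the drum matches too, while "O'Reilly" needs no quote handling at all because it never touches the SQL text.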