QuoteSQL
Steve Holden
steve at holdenweb.com
Tue Sep 26 02:59:04 EDT 2006
Lawrence D'Oliveiro wrote:
> In message <mailman.560.1159188345.10491.python-list at python.org>, Steve
> Holden wrote:
>
>
>>When you use the DB API correctly and parameterise your queries you still
>>need to quote wildcards in search arguments, but you absolutely
>>shouldn't quote the other SQL specials.
>>
>>That's what parameterised queries are for in the first place...
>
>
> So you're suggesting I quote the wildcards, then rely on autoquoted
> parameters to handle the rest? Unfortunately, that's stupid mistake number
> 2.
Ah, so your quoting function will deduce the context in which arguments
intended for parameter substitution in the query will be used? Or are
you suggesting that it's unwise to rely on autoquoted parameters? That
could have a serious impact on the efficiency of some repeated queries.
I find it difficult to take your argument seriously. Are you doing this
just to be obnoxious, or do you have a genuine point to make?
regards
Steve
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://holdenweb.blogspot.com
Recent Ramblings http://del.icio.us/steve.holden
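
An added example, not part of the original message, of the approach Steve Holden describes: LIKE wildcards in the search argument are escaped by hand, and every other SQL special is left to the DB API's parameter binding. It assumes the standard-library sqlite3 driver; the table, sample rows and function names are constructed for illustration.

```python
import sqlite3

ESC = "\\"  # escape character named in the ESCAPE clause (assumption: backslash)

def escape_like(term, escape=ESC):
    """Escape the LIKE wildcards % and _ (and the escape character itself)."""
    return (term.replace(escape, escape + escape)
                .replace("%", escape + "%")
                .replace("_", escape + "_"))

def search_prefix(conn, term):
    """Prefix search: wildcards escaped by hand, value bound by the driver."""
    pattern = escape_like(term) + "%"   # the only wildcard is the one we add
    rows = conn.execute(
        "SELECT name FROM items WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (pattern,),                      # quotes etc. are handled by binding
    )
    return [r[0] for r in rows]

def search_prefix_unescaped(conn, term):
    """Same query without wildcard escaping: % and _ in the term act as wildcards."""
    rows = conn.execute(
        "SELECT name FROM items WHERE name LIKE ? ORDER BY name",
        (term + "%",),
    )
    return [r[0] for r in rows]

def make_db():
    """Constructed sample data, held in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (name TEXT)")
    conn.executemany(
        "INSERT INTO items VALUES (?)",
        [("50%_off",), ("50 percent",), ("500 units",),
         ("O'Reilly",), ("a_b",), ("axb",)],
    )
    return conn

if __name__ == "__main__":
    db = make_db()
    print(search_prefix(db, "50%"))            # literal "50%" prefix only
    print(search_prefix_unescaped(db, "50%"))  # "%" matched as a wildcard
    print(search_prefix(db, "O'"))             # apostrophe needs no manual quoting
```

The escape character and ESCAPE clause syntax vary between database engines, so check the target engine's LIKE rules before reusing the pattern.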