pySQLite Insert speed
Tim Roberts
timr at probo.com
Sat Mar 1 02:03:01 EST 2008
mdboldin at gmail.com wrote:
>
>I have read on this forum that SQL coding (A) below is preferred over
>(B), but I find (B) is much faster (20-40% faster)
>
>(A)
>
> sqla= 'INSERT INTO DTABLE1 VALUES (%d, %d, %d, %f)' % values
> curs.execute(sqla)
>
>(B)
> pf= '?, ?, ?, ?'
> sqlxb= 'INSERT INTO DTABLE2 VALUES ( %s ) ' % pf
> curs.execute( sqlxb, values )
>
>Any intuition on why (A) is slower?
I think you misunderstood. (B) is *ALWAYS* the proper way of doing
parameterized SQL queries. Unconditionally. The (A) style is way too
vulnerable to SQL injection attacks.
--
Tim Roberts, timr at probo.com
Providenza & Boekelheide, Inc.
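
The two styles from the thread side by side, as an added example that is not part of the original post. The table layout, the function names and the sample values are constructed for illustration, and a text column is assumed so that the quoting problem in style (A) is visible.

```python
import sqlite3

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE dtable (id INTEGER, label TEXT, score REAL)")
    return conn

def insert_formatted(conn, row):
    # Style (A): values are pasted into the SQL text, so the database
    # parses them as part of the statement itself.
    sql = "INSERT INTO dtable VALUES (%d, '%s', %f)" % row
    conn.execute(sql)

def insert_bound(conn, row):
    # Style (B): the statement text is constant and the values are bound
    # separately, so they can only ever be treated as data.
    conn.execute("INSERT INTO dtable VALUES (?, ?, ?)", row)

def insert_many_bound(conn, rows):
    # Bulk form of (B): one statement reused for every row, one transaction.
    with conn:
        conn.executemany("INSERT INTO dtable VALUES (?, ?, ?)", rows)

def rows_in(conn):
    return conn.execute(
        "SELECT id, label, score FROM dtable ORDER BY id").fetchall()

# Constructed sample input: a label that contains SQL syntax, and an
# ordinary name that happens to contain an apostrophe.
CRAFTED = (1, "x', 99.0) --", 1.5)
APOSTROPHE = (2, "O'Brien", 2.0)

if __name__ == "__main__":
    a = make_db()
    insert_formatted(a, CRAFTED)
    print("formatted:", rows_in(a))   # the label rewrote the score column

    b = make_db()
    insert_bound(b, CRAFTED)
    print("bound:    ", rows_in(b))   # the label is stored verbatim

    try:
        insert_formatted(make_db(), APOSTROPHE)
    except sqlite3.OperationalError as exc:
        print("formatted insert of an ordinary name fails:", exc)
```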