Why are String Formatted Queries Considered So Magical?
Carl Banks
pavlovevidence at gmail.com
Mon Jun 28 00:12:30 EDT 2010
On Jun 27, 8:52 pm, Stephen Hansen <me+list/pyt... at ixokai.io> wrote:
> Then there's the type of SQL that results in DBAs having jobs-- and
> deservedly so. It's *really* a very flexible and powerful language
> capable of doing quite a lot to bend, flex, twist, and interleave that
> data in the server while building up a result set for you.
All right, I get it.
I'm not talking about SQL, I'm talking about RDBs. But I guess it is
important for serious RDBs to support queries complex enough that a
language like SQL is really needed to express it--even if being called
from an expressive language like Python. Not everything is a simple
inner join. I defer to the community then, as my knowledge of
advanced SQL is minimal.
We'll just have to accept the risk of injection attacks as a trade-off,
and try to educate people to use placeholders when writing SQL.
Carl Banks
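The placeholder point in the message above, shown side by side in Python's DB-API (added example, not code from the thread; the in-memory sqlite3 table, the user names and the lookup functions are constructed for illustration). The string-formatted version splices the value into the SQL text, so a perfectly legitimate name containing an apostrophe breaks the statement, while the placeholder version hands the value to the driver as a bound parameter and it is treated as data no matter what it contains.

```python
import sqlite3


def make_db():
    # Constructed sample database (not from the original post); note that the
    # inserts themselves already use placeholders for the row values.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    conn.commit()
    return conn


def lookup_formatted(conn, name):
    # The pattern the thread argues against: the caller's value becomes part
    # of the SQL text, so the parser sees any quote in it as SQL syntax.
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def lookup_placeholder(conn, name):
    # DB-API placeholder form: the SQL text is fixed, and `name` travels
    # separately as a bound value, so quotes in it are just characters.
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(name):
    # Run both forms on the same input and return (formatted, placeholder).
    # The formatted form is caught so that its failure is visible as a value.
    conn = make_db()
    try:
        formatted = lookup_formatted(conn, name)
    except sqlite3.OperationalError as exc:
        formatted = "error: %s" % exc
    return formatted, lookup_placeholder(conn, name)


if __name__ == "__main__":
    for candidate in ("alice", "o'brien"):
        print(candidate, "->", compare(candidate))
```

For "alice" both lookups agree; for "o'brien" the formatted query raises sqlite3.OperationalError because the statement text is no longer well-formed, whereas the placeholder query returns the row. The same property that makes the apostrophe harmless here is what removes the injection risk the message is willing to trade off: the value can never change the shape of the statement.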