Why are String Formatted Queries Considered So Magical?
Carl Banks
pavlovevidence at gmail.com
Tue Jun 29 23:24:36 EDT 2010
On Jun 28, 3:07 am, Dennis Lee Bieber <wlfr... at ix.netcom.com> wrote:
> On Sun, 27 Jun 2010 21:02:57 -0700, Stephen Hansen
> <me+list/pyt... at ixokai.io> declaimed the following in
> gmane.comp.python.general:
>
> > (This is an area where parametrized queries is even more important: but
> > I'm not sure if MySQL does proper prepared queries and caching of
> > execution plans).
>
> MySQL version 5 finally added prepared statements and a discrete
> parameter passing mechanism...
>
> However, since there likely are many MySQL v4.x installations out
> there, which only work with complete string SQL, MySQLdb still formats
> full SQL statements (and it uses the Python % string interpolation to do
> that, after converting/escaping parameters -- which is why %s is the
> only allowed placeholder; even a numeric parameter has been converted to
> a quoted string before being inserted in the SQL).
>
> It would be nice if MySQLdb could become version aware in a future
> release, and use prepared statements on v5 engines... I doubt it can
> drop the existing string based queries any time soon... Consider the
> arguments about how long Python 2.x will be in use (I'm still on 2.5)...
> Imagine the sluggishness in having database engines converted
> (especially in a shared provider environment, where the language
> specific adapters also need updating -- ODBC drivers, etc.)
Thanks, your replies to this subthread have been most enlightening.
Carl Banks
More information about the Python-list
mailing list