[DB-SIG] Re: Towards a single parameter style

Denis S. Otkidach ods@strana.ru
Wed, 26 Feb 2003 19:54:05 +0300 (MSK)


On Tue, 25 Feb 2003, Daniel Dittmar wrote:

DD> If there was the additional requirement that SQL and Parameters
DD> have to be intertwined, there wouldn't be a need for the Param
DD> function. I'll definitely try it out to see if the additional
DD> quoting is going to be annoying.

It's error prone to rely on intertwined raw data and parameters.
It's even more error prone when the query is constructed from parts.

Some examples:
('SELECT * FROM test WHERE surname=', 'my surname',
 ' AND firstname=', 'my first name')

# assume these variables are defined in different methods
query = ['SELECT '+','.join(fields)+' FROM '+table]
condition = ['name=', 'name']
group = ...
order = ...
if condition:
    query += [' WHERE '] + condition
if group is not None:
    query += [' GROUP BY '+group]
if order is not None:
    query += [' ORDER BY '+order]


-- 
Denis S. Otkidach
http://www.python.ru/      [ru]
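
Added example, not part of the original message or of any DB-API proposal: it runs the message's part-by-part assembly through a purely positional reading (even positions are SQL text, odd positions are values) and through an explicitly marked one. The `Param` class, the `compile_*`, `build` and `run_marked` helpers, the sqlite3 backend and the sample rows are assumptions made for this illustration.

```python
import sqlite3

class Param:
    """Explicit marker for a bound value (hypothetical helper for this example)."""
    def __init__(self, value):
        self.value = value

def compile_alternating(parts):
    """Intertwined style: even positions are SQL text, odd positions are values."""
    sql, args = [], []
    for i, part in enumerate(parts):
        if i % 2 == 0:
            sql.append(part)
        else:
            sql.append('?')
            args.append(part)
    return ''.join(sql), args

def compile_marked(parts):
    """Marked style: only Param instances are bound, whatever their position."""
    sql, args = [], []
    for part in parts:
        if isinstance(part, Param):
            sql.append('?')
            args.append(part.value)
        else:
            sql.append(part)
    return ''.join(sql), args

def build(condition):
    """Assemble the query from parts, the way the message does."""
    query = ['SELECT ' + ','.join(['id', 'surname']) + ' FROM test']
    if condition:
        query += [' WHERE '] + condition
    query += [' ORDER BY id']
    return query

def run_marked(parts):
    """Execute a marked query against a constructed in-memory table."""
    db = sqlite3.connect(':memory:')
    db.execute('CREATE TABLE test (id INTEGER, surname TEXT)')
    db.executemany('INSERT INTO test VALUES (?, ?)', [(1, "O'Brien"), (2, 'Smith')])
    sql, args = compile_marked(parts)
    return db.execute(sql, args).fetchall()

if __name__ == '__main__':
    # ' WHERE ' lands on an odd position and is bound as data; the SQL is malformed.
    print(compile_alternating(build(['surname=', "O'Brien"])))
    print(run_marked(build(['surname=', Param("O'Brien")])))
```

Under the positional reading, appending `' WHERE '` as its own list element shifts the parity of everything after it, so a keyword is bound as data; the same one-element shift in the other direction would place a value in the SQL text position.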