[DB-SIG] Re: Towards a single parameter style
Denis S. Otkidach
ods@strana.ru
Wed, 26 Feb 2003 19:54:05 +0300 (MSK)
On Tue, 25 Feb 2003, Daniel Dittmar wrote:
DD> If there was the additional requirement that SQL and Parameters have to
DD> be intertwined, there wouldn't be a need for the Param function. I'll
DD> definitely try it out to see if the additional quoting is going to be
DD> annoying.

It's error-prone to rely on intertwined raw data and parameters.
It's even more error-prone when the query is constructed from parts.
Some examples:

('SELECT * FROM test WHERE surname=', 'my surname',
 ' AND firstname=', 'my first name')

# assume these variables are defined in different methods
query = ['SELECT '+','.join(fields)+' FROM '+table]
condition = ['name=', 'name']
group = ...
order = ...
if condition:
    query += [' WHERE '] + condition
if group is not None:
    query += [' GROUP BY '+group]
if order is not None:
    query += [' ORDER BY '+order]

--
Denis S. Otkidach
http://www.python.ru/ [ru]
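
The following is an added example, not part of the original post or of any DB-API module. It assumes a hypothetical "intertwined" convention in which even list positions are SQL text and odd positions are bound values, and compares it with an explicit marker; the `Param` class, both render functions and the sample table are constructed for illustration.

```python
import sqlite3

class Param:
    """Explicit marker for a bound value (hypothetical stand-in for the Param function in the thread)."""
    def __init__(self, value):
        self.value = value

def render_alternating(parts):
    """Assumed intertwined convention: even positions are SQL text, odd positions are values."""
    sql, args = [], []
    for i, part in enumerate(parts):
        if i % 2 == 0:
            sql.append(part)   # treated as SQL purely because of its position
        else:
            sql.append('?')
            args.append(part)
    return ''.join(sql), args

def render_marked(parts):
    """Only Param instances are bound; position in the list does not matter."""
    sql, args = [], []
    for part in parts:
        if isinstance(part, Param):
            sql.append('?')
            args.append(part.value)
        else:
            sql.append(part)
    return ''.join(sql), args

def build(fields, table, condition):
    """Assemble the query from parts the way the post does."""
    query = ['SELECT ' + ','.join(fields) + ' FROM ' + table]
    if condition:
        query += [' WHERE '] + condition
    return query

def run(sql, args):
    """Execute against a constructed in-memory table and return the rows."""
    db = sqlite3.connect(':memory:')
    db.execute('CREATE TABLE test (surname TEXT, firstname TEXT)')
    db.execute("INSERT INTO test VALUES ('my surname', 'my first name')")
    return db.execute(sql, args).fetchall()

value = 'my surname'  # constructed sample value supplied by a caller
# Appending [' WHERE '] shifts parity: ' WHERE ' is bound as data, the SQL is broken.
shifted = render_alternating(build(['firstname'], 'test', ['surname=', value]))
# A fused prefix shifts parity the other way: the value is emitted as SQL text.
fused = render_alternating(['SELECT firstname FROM test WHERE ', 'surname=', value])
marked = render_marked(build(['firstname'], 'test', ['surname=', Param(value)]))
rows = run(*marked)
```

With the positional convention, one extra or missing list element silently swaps the roles of SQL text and data; with the explicit marker, the same assembly code yields a single placeholder and the value stays out of the statement text.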