On 05.02.2011 20:41, John Fabiani wrote:
> Yes we have two of each Postgres and MySQL use %s and SQLite uses '?' and
> FireBird uses both the '?' and ':name' (at least it did when I worked with
> it).  Therefore, I think I'm aware of the issue.
>
> First let me say I am biased.  I love using Postgres and in general I do not
> see SQLite as a reliable database engine (that's only my opinion and comes
> from my personal experiences - yes I know millions are using it).  So in
> general I try to avoid using SQLite.
>
> My only answer is don't pass para directly - pass the SQL statement.  This
> does several nice things IMO.  SQLite does not allow parameters for anything
> but values.  Meaning changing tables names, etc is impossible unless:
> sql = "select * from %s"
> sql = sql % self.tablename
> bizobj.UserSQL = sql
>

But _this_ doesn't work anywhere using parameters, as far as I know. Not 
with the Python database modules, not with ADO.NET, not with the old 
Delphi database components (don't know anything at all about recent 
Delphi versions). And not with any database backend. Parameters are for 
values and only for values, but they are the strongly recommended method 
for them (quoting and SQL injections are the main reasons, I think).

Right or wrong?
Sibylle
_______________________________________________
Post Messages to: Dabo-users@leafe.com
Subscription Maintenance: http://leafe.com/mailman/listinfo/dabo-users
Searchable Archives: http://leafe.com/archives/search/dabo-users
This message: http://leafe.com/archives/byMID/4d4db41e.2060...@t-online.de
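The two points made in this exchange (parameters bind values only, so a table name cannot be passed as a parameter, and value parameters are what protects against quoting and injection problems) can be shown with Python's sqlite3 module, whose paramstyle is 'qmark' as John describes. The following is an added example, not code from the thread or from Dabo; the table names, rows and the allowlist of permitted tables are constructed for the illustration.

```python
import sqlite3

# Constructed sample schema and rows (not from the thread): two tables,
# one customer name containing a single quote to exercise quoting.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, total REAL);
        INSERT INTO customers (name) VALUES ('Alice'), ('Bob'), ('O''Brien');
        INSERT INTO orders (customer_id, total) VALUES (1, 10.0), (2, 20.0), (3, 30.0);
    """)
    return conn


def placeholder_style():
    # The DB-API module advertises which placeholder it expects;
    # sqlite3 uses '?' ('qmark'), psycopg2/MySQLdb use %s ('pyformat'/'format').
    return sqlite3.paramstyle


def find_customer(conn, name):
    # A value bound through the placeholder: the driver never splices the
    # string into the SQL text, so embedded quotes are data, not syntax.
    sql = "SELECT id, name FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def try_bind_table_name(conn, table):
    # Binding an identifier as a parameter does not work: the parser needs a
    # table name after FROM and sees a variable token instead, so the statement
    # fails at prepare time. Returns the exception class name for inspection.
    try:
        conn.execute("SELECT count(*) FROM ?", (table,))
        return "unexpected success"
    except sqlite3.OperationalError as exc:
        return type(exc).__name__


# Assumed allowlist of tables the application is permitted to query.
ALLOWED_TABLES = {"customers", "orders"}


def is_allowed_table(table):
    return table in ALLOWED_TABLES


def quote_identifier(name):
    # Standard SQL identifier quoting: double quotes, embedded quotes doubled.
    return '"' + name.replace('"', '""') + '"'


def count_rows(conn, table):
    # Identifiers cannot be parameters, so they are checked against a fixed
    # allowlist and quoted before being formatted into the statement; the
    # values, if any, would still go through placeholders.
    if not is_allowed_table(table):
        raise ValueError(f"table not permitted: {table!r}")
    sql = f"SELECT count(*) FROM {quote_identifier(table)}"
    return conn.execute(sql).fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print("paramstyle:", placeholder_style())
    print("O'Brien via parameter:", find_customer(db, "O'Brien"))
    print("quote-laden input via parameter:", find_customer(db, "x' OR '1'='1"))
    print("table name as parameter:", try_bind_table_name(db, "orders"))
    print("rows in orders:", count_rows(db, "orders"))
```

The contrast with the `sql % self.tablename` pattern quoted above is that the table name is first restricted to names the program already knows and then quoted as an identifier, while anything that is a value (the customer name) goes through the placeholder, so the quoting rules of the backend never have to be reproduced by hand.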
