Marty Alchin wrote:
> On 7/11/07, Carl Karsten <[EMAIL PROTECTED]> wrote:
>> What is Django's approach to passing values to the back end:
>>
>> A) create a string that is the SQL command and the values, pass that string
>> to the db module.
>>
>> B) create a string that is the SQL command with parameter markers, pass that
>> string and the values to the db module.
>
> This sounds like a strange way to ask if Django is using prepared
> statements[1] or their equivalents, rather than simply supplying
> values directly within the SQL statement itself. To my knowledge,
> Django doesn't support them, and I haven't heard anything about
> existing code being intended to support them.
>
> I suppose whether it'd be a good idea in the future would be a
> question for future debate, but I don't think there's any reason to
> file a bug about the current behavior.
>
> -Gul
>
> [1] http://dev.mysql.com/tech-resources/articles/4.1/prepared-statements.html
The reason it sounds strange is because that isn't what I was asking :)
It is pretty much this simple:

import settings
import MySQLdb

con = MySQLdb.connect(user=settings.DATABASE_USER,
                      passwd=settings.DATABASE_PASSWORD,
                      db=settings.DATABASE_NAME)
cur = con.cursor()

# 1) value written directly into the SQL text
cur.execute("select * from auth_user where id=1")
print(cur.fetchall())

# 2) value interpolated by Python before the db module sees the string
cur.execute("select * from auth_user where id=%s" % (1,))
print(cur.fetchall())

# 3) SQL with a parameter marker; value passed separately to the db module
cur.execute("select * from auth_user where id=%s", (1,))
print(cur.fetchall())

All 3 return the same thing, but only the last one has a chance of the value
making it to the server separate from the command, which is a good thing.
The reason I say 'chance' is because in the case of MySQLdb, it gets combined
anyway[1]. But that is an implementation detail that A) should not be
relied on and B) will probably be fixed soon.
[1] line 167 of
http://mysql-python.svn.sourceforge.net/viewvc/mysql-python/trunk/MySQLdb/MySQLdb/cursors.py?view=markup
query = query % connection.literal(args)
smush.
Carl K
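
An added example, not part of the original message, contrasting approaches A and B from the question when the value is not a well-behaved integer. It uses the standard-library sqlite3 module (whose parameter marker is `?` rather than MySQLdb's `%s`) so it runs offline; the table rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table with constructed rows, standing in for auth_user."""
    con = sqlite3.connect(":memory:")
    con.execute("create table auth_user (id integer primary key, username text)")
    con.executemany("insert into auth_user values (?, ?)",
                    [(1, "alice"), (2, "o'brien"), (3, "carol")])
    return con

def ids_interpolated(con, where_template, value):
    """Approach A: the value is pasted into the SQL text before the driver sees it."""
    sql = "select id from auth_user where " + where_template % (value,)
    try:
        return sorted(row[0] for row in con.execute(sql))
    except sqlite3.OperationalError as exc:
        return "error: %s" % exc

def ids_bound(con, where_clause, value):
    """Approach B: SQL text with a marker; the value travels as a separate argument."""
    sql = "select id from auth_user where " + where_clause
    return sorted(row[0] for row in con.execute(sql, (value,)))

def demo():
    con = make_db()
    results = {}
    # A plain integer: both approaches agree, as in the message above.
    results["int"] = (ids_interpolated(con, "id=%s", 1), ids_bound(con, "id=?", 1))
    # A string that happens to contain SQL: A changes the statement, B compares data.
    v = "1 or 1=1"
    results["sql_text"] = (ids_interpolated(con, "id=%s", v), ids_bound(con, "id=?", v))
    # A legitimate name with an apostrophe: A produces broken SQL, B finds the row.
    v = "o'brien"
    results["quote"] = (ids_interpolated(con, "username='%s'", v),
                        ids_bound(con, "username=?", v))
    return results

if __name__ == "__main__":
    for case, (a, b) in demo().items():
        print(case, "| interpolated:", a, "| bound:", b)
```

With a bound parameter the value is only ever compared as data, so the statement the database parses is the same for every input.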