On 14/02/2013 20:01, Peter Eisentraut wrote:
> On 2/14/13 9:23 AM, Manlio Perillo wrote:
>> 1) always use PQsendQueryParams functions.
>>
>>     This will avoid having to escape parameters, as it is done in
>>     psycopg2
>>     (IMHO it still uses simple query protocol for compatibility purpose)
>
> I think the reason this doesn't work is that in order to prepare a query
> you need to know the parameter types, but you don't know that in Python,
> or at least with the way the DB-API works.  For example, if you write
>
> cur.execute("SELECT * FROM tbl WHERE a = %s AND b = %s", (val1, val2))
>
> what types will you pass to PQsendQueryParams?

Pardon me if this is obvious, but why would you need to pass any types at all? Assuming we're still talking about PQsendQueryParams and not an explicit prepare/execute cycle..


Regards,
Marko Tiikkaja


--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
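
The exchange above, as an added example that is not part of the thread and not psycopg2's code: libpq accepts a NULL `paramTypes` array (or OID 0 per parameter) and lets the server infer each type, so a driver only has to rewrite `%s` to `$n` and pass the values out of band as text. The names `to_extended_query` and `to_text` are hypothetical, and the placeholder scan is simplified (every `%s` in the string is treated as a placeholder).

```python
import re

# "%%" is a literal percent, "%s" a DB-API format-style placeholder.
_PLACEHOLDER = re.compile(r"%(%|s)")


def to_text(value):
    """Text-format wire value for one parameter (None means SQL NULL)."""
    if value is None:
        return None
    if isinstance(value, bool):  # check before int: bool subclasses int
        return "t" if value else "f"
    if isinstance(value, (int, float, str)):
        return str(value)
    raise TypeError(f"no text encoding for {type(value).__name__}")


def to_extended_query(sql, params):
    """Return (command, paramValues, paramTypes, paramFormats) for a
    PQsendQueryParams-style call built from a DB-API execute() call."""
    count = 0

    def repl(match):
        nonlocal count
        if match.group(1) == "%":
            return "%"
        count += 1
        return f"${count}"

    command = _PLACEHOLDER.sub(repl, sql)
    if count != len(params):
        raise ValueError(f"{count} placeholders, {len(params)} parameters")
    values = [to_text(p) for p in params]
    param_types = [0] * count    # OID 0: unspecified, the server infers it
    param_formats = [0] * count  # 0: text format
    return command, values, param_types, param_formats


if __name__ == "__main__":
    # Constructed sample: the second value contains quote characters.
    print(to_extended_query(
        "SELECT * FROM tbl WHERE a = %s AND b = %s", (42, "x' OR '1'='1")))
```

The command text never contains the parameter values, so a value with quote characters travels unescaped and cannot change the statement's structure.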
