[EMAIL PROTECTED] wrote:
>
>I have read on this forum that SQL coding (A) below is preferred over
>(B), but I find (B) is much faster (20-40% faster)
>
>(A)
>
>   sqla= 'INSERT INTO DTABLE1 VALUES (%d, %d, %d, %f)' % values
>   curs.execute(sqla)
>
>(B)
>   pf= '?, ?, ?, ?'
>   sqlxb= 'INSERT INTO DTABLE2 VALUES ( %s ) ' % pf
>   curs.execute( sqlxb, values )
>
>Any intuition on why (A) is slower?

I think you misunderstood.  (B) is *ALWAYS* the proper way of doing
parameterized SQL queries.  Unconditionally.  The (A) style is way too
vulnerable to SQL injection attacks.
--
Tim Roberts, [EMAIL PROTECTED]
Providenza & Boekelheide, Inc.
--
http://mail.python.org/mailman/listinfo/python-list
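
An added example, not part of the original thread, contrasting the two styles with Python's built-in sqlite3 module, which uses the same `?` placeholders as (B). The `users` table, the helper names and the input strings are constructed for illustration and are not the poster's DTABLE1/DTABLE2 code.

```python
import sqlite3

# Constructed input: a text value containing SQL syntax, as untrusted data might.
HOSTILE_NAME = "mallory', 1) --"


def make_db():
    """In-memory database with a hypothetical table (an assumption of this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, is_admin INTEGER)")
    return conn


def insert_style_a(conn, name):
    """Style (A): the value is formatted into the SQL text. Kept vulnerable on purpose."""
    sql = "INSERT INTO users VALUES ('%s', %d)" % (name, 0)
    conn.execute(sql)


def insert_style_b(conn, name):
    """Style (B): the SQL text is constant; the driver binds the values."""
    conn.execute("INSERT INTO users VALUES (?, ?)", (name, 0))


def rows_after(insert, name):
    """Run one insert against a fresh database and return the stored rows."""
    conn = make_db()
    try:
        insert(conn, name)
        return conn.execute("SELECT name, is_admin FROM users").fetchall()
    finally:
        conn.close()


if __name__ == "__main__":
    # (A): the quote in the data ends the string literal, so is_admin becomes 1.
    print("A:", rows_after(insert_style_a, HOSTILE_NAME))
    # (B): the same input is stored verbatim as a name, is_admin stays 0.
    print("B:", rows_after(insert_style_b, HOSTILE_NAME))
    # An ordinary apostrophe shows (A) is also fragile with benign data.
    try:
        rows_after(insert_style_a, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("A with O'Brien:", exc)
    print("B with O'Brien:", rows_after(insert_style_b, "O'Brien"))
```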