Andrew Dalke wrote:
> infidel wrote:
> 
>>I think perhaps you are asking for something that the OCI doesn't
>>provide.
> 
> 
> But it doesn't need to be supported by the OCI.
> 
> 
>>And really, it all boils down to the list comprehension:
>>
>>in_clause = ', '.join([':id%d' % x for x in xrange(len(ids))])
> 
> 
> And why can't the equivalent to that be supported in the
> DB-API interface, so I can pass in a list/tuple and have
> it just work?
> 
> 
>>... elegance is certainly subjective, and the above statement isn't the
>>cleanest ever, but it solves your main problem while avoiding the other
>>problem you mention (sql injection).  Seems "elegant enough" to me.
> 
> 
> The problem I mentioned is supporting inexperienced developers
> (scientists writing software without local programming support)
> who, in my experience, don't know about this pitfall and are
> more likely to use a close but wrong solution than this correct
> one.  repr(ids) is after all much easier to write.
> 
Andrew:

I cannot help but agree that a more sympathetic treatment of the various 
sequence types would help tyros and pros alike.

Do you think this is a DB-API 3-ish kind of a thing, or would it layer 
over DB-API 2 in a relatively platform-independent manner? I suspect 
that some of the code has to be inside the driver (and hence possibly at 
least partly written in C) to hook into platform-dependent features like 
quoting string literals.

but-you-may-know-better-ly y'rs  - steve
-- 
Steve Holden        +1 703 861 4237  +1 800 494 3119
Holden Web LLC             http://www.holdenweb.com/
Python Web Programming  http://pydish.holdenweb.com/
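
The placeholder-expansion idiom discussed in this thread, wrapped as a helper that layers over a DB-API 2 driver. This is an added example, not code from any poster: it uses the standard-library sqlite3 module (named paramstyle) in place of an Oracle driver, and the names expand_in, fetch_names, make_db and the samples table are hypothetical.

```python
import sqlite3


def expand_in(column, values, prefix="id"):
    """Return (sql_fragment, params) for `column IN (...)` with named binds.

    `column` must be a trusted constant from the program, never user input;
    only the values travel as bind parameters.
    """
    values = list(values)
    if not values:
        # "IN ()" is a syntax error in most databases; an empty list
        # should simply match no rows.
        return "1 = 0", {}
    names = ["%s%d" % (prefix, i) for i in range(len(values))]
    fragment = "%s IN (%s)" % (column, ", ".join(":" + n for n in names))
    return fragment, dict(zip(names, values))


def fetch_names(conn, ids):
    """Look up rows by id; the ids are bound as data, never spliced into SQL."""
    where, params = expand_in("id", ids)
    sql = "SELECT name FROM samples WHERE %s ORDER BY id" % where
    return [row[0] for row in conn.execute(sql, params)]


def make_db():
    """Constructed sample data for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE samples (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO samples VALUES (?, ?)",
        [(1, "alpha"), (2, "beta"), (3, "gamma")],
    )
    return conn


if __name__ == "__main__":
    conn = make_db()
    print(expand_in("id", [1, 3]))
    print(fetch_names(conn, [1, 3]))
    print(fetch_names(conn, []))
    # A constructed string that would alter the query if it were pasted in
    # with repr(ids); as a bind value it is compared as plain text.
    print(fetch_names(conn, [1, "2) OR (1=1"]))
```
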
