Daniel Dittmar wrote:
> Possible workarounds:
   ...
> - create a class for this purpose. Statements are created on the fly, but
> with placeholders so you don't run into the SQL Injection problem. As
> it's an object, you could cache these generated statements based on the
> size of the list
 
> It is unlikely that this can be solved at the driver level. Without
> support from the database, the driver would have to manipulate the SQL
> statement.
> And there are few predicates where a list parameter is useful. Expanding
> a list always would lead to very bizarre error messages. Expanding them
> only where useful would require a SQL parser.

Perhaps I'm missing something fundamental here.  I thought the
terms like :arg2 were already being parsed at the Python/driver
interface, to insert the right values from the Python args.

If that was so then it could be solved at the driver level pretty
easily; use the aforementioned "class for this purpose".

It sounds like you're saying that the interface is actually implemented
by passing the execute string and a database-specific dictionary-like
object; the latter created by the DB-API interface.

If so, I now understand the limitation.

Hmmmm.....

                                Andrew
                                [EMAIL PROTECTED]

-- 
http://mail.python.org/mailman/listinfo/python-list
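
The "class for this purpose" workaround quoted above, sketched as an added example (not code from either poster or from any driver). It assumes a DB-API module with named `:name` parameters, here the standard `sqlite3`; the class name `ListStatement`, the `users` table and all values are constructed for illustration.

```python
import re
import sqlite3


class ListStatement:
    """Statement with one named list parameter, expanded per call.

    Assumption: ':<list_param>' appears in the template only where the list
    belongs (not inside a string literal); no SQL parsing is attempted.
    """

    def __init__(self, template, list_param):
        self.template = template
        self.list_param = list_param
        self._pattern = re.compile(r":%s\b" % re.escape(list_param))
        self.cache = {}  # list length -> generated SQL text

    def sql_for(self, n):
        if n < 1:
            raise ValueError("empty list: 'IN ()' is not portable SQL")
        if n not in self.cache:
            names = ", ".join(":%s_%d" % (self.list_param, i) for i in range(n))
            self.cache[n] = self._pattern.sub(names, self.template)
        return self.cache[n]

    def execute(self, cursor, values, **scalars):
        values = list(values)
        params = dict(scalars)  # ordinary single-valued parameters
        for i, value in enumerate(values):
            params["%s_%d" % (self.list_param, i)] = value
        return cursor.execute(self.sql_for(len(values)), params)


def demo():
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute("CREATE TABLE users (id INTEGER, name TEXT)")  # constructed data
    cur.executemany("INSERT INTO users VALUES (?, ?)",
                    [(1, "ann"), (2, "bob"), (3, "cy")])
    stmt = ListStatement("SELECT name FROM users "
                         "WHERE id IN (:ids) AND name <> :skip ORDER BY id", "ids")
    rows = stmt.execute(cur, [1, 2, 3], skip="bob").fetchall()
    # A value containing SQL syntax is bound as data, so it matches no row.
    hostile = stmt.execute(cur, ["1) OR 1=1 --"], skip="").fetchall()
    return rows, hostile, sorted(stmt.cache)


if __name__ == "__main__":
    print(demo())
```

Only the placeholder names are ever spliced into the SQL text; the list values always travel through the driver's parameter binding.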
