On 24/05/20 5:43 PM, Frank Millman wrote:
> On 2020-05-23 9:45 PM, DL Neil via Python-list wrote:
>>
>> My habit with SQL queries is to separate them from other code, cf the usual illustration of having them 'buried' within the code, immediately before, or even part of, the query call.
>
> I like that idea, as I find that I am embedding more and more SQL in my code.
>
> How do you handle parameters? Do you leave placeholders ('?' or '%s') in the query, and leave it to the 'importer' of the query to figure out what is required?


Yes. Most "connector" software includes a feature which auto-magically escapes all variable-data - a valuable safety feature!

I've been experimenting by going further and providing app.devs with functions/methods, a mini-API if you will. Given that many?most don't like having to deal with SQL, the extra 'insulation' boosts my personal popularity...
(and I need as much of that as I can get!)
--
Regards =dn
--
https://mail.python.org/mailman/listinfo/python-list
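
The arrangement discussed in this thread, as an added example that is not code from either poster: the queries live apart from the logic with '?' placeholders, a small API hides the SQL from callers, and the connector binds the values. The sqlite3 module, the member table, MemberStore and the sample inputs are all assumptions made for illustration.

```python
import sqlite3

# Queries kept apart from application logic (in practice, a module of their own).
# '?' is sqlite3's placeholder style; some other connectors use '%s'.
SQL_CREATE = ("CREATE TABLE member "
              "(id INTEGER PRIMARY KEY, name TEXT NOT NULL, email TEXT NOT NULL)")
SQL_ADD_MEMBER = "INSERT INTO member (name, email) VALUES (?, ?)"
SQL_FIND_BY_NAME = "SELECT id, name, email FROM member WHERE name = ?"
SQL_COUNT = "SELECT COUNT(*) FROM member"


class MemberStore:
    """Hypothetical mini-API: callers pass plain Python values, never SQL."""

    def __init__(self, conn):
        self._conn = conn
        self._conn.execute(SQL_CREATE)

    def add(self, name, email):
        # Values travel separately from the statement text; the connector binds them.
        with self._conn:  # commits on success, rolls back on error
            return self._conn.execute(SQL_ADD_MEMBER, (name, email)).lastrowid

    def find_by_name(self, name):
        return self._conn.execute(SQL_FIND_BY_NAME, (name,)).fetchall()

    def count(self):
        return self._conn.execute(SQL_COUNT).fetchone()[0]


def find_by_name_unsafe(conn, name):
    # Anti-pattern, shown only for contrast: data pasted into the statement text.
    query = f"SELECT id, name, email FROM member WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def demo():
    conn = sqlite3.connect(":memory:")
    store = MemberStore(conn)
    store.add("Frank", "frank@example.invalid")        # constructed sample rows
    store.add("O'Brien", "ob@example.invalid")         # quote in data, no manual escaping
    hostile = "x' OR '1'='1"                           # constructed input
    return {
        "quote_ok": store.find_by_name("O'Brien"),
        "bound": store.find_by_name(hostile),          # compared as one literal string
        "pasted": find_by_name_unsafe(conn, hostile),  # input rewrites the WHERE clause
        "count": store.count(),
    }


if __name__ == "__main__":
    print(demo())
```

With the bound parameter the hostile string matches no row; pasted into the statement text, the same string returns every row in the table.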
