On Wed, Feb 12, 2014 at 5:03 PM, Tony Locke <tlo...@tlocke.org.uk> wrote:
>>
>> I've noticed some opinions online indicating that psycopg2 does not
>> have prepared statement support (e.g. -
>>
>> http://www.cerias.purdue.edu/site/blog/post/beware_sql_injections_due_to_missing_prepared_statement_support/)
>
> The comment at the bottom of that post ultimately references a psycopg2
> message from 2007 so you'd need to ask the psycopg2 folks for updated
> information.  However psycopg2 can do an "executemany" with great
> efficiency as it is using methodologies for which you'd have to ask them,
> so if they don't use PG's actual "prepared" mechanism, it's probably
> unnecessary.  psycopg2 is an extremely mature and high performing product.

What it doesn't support is libpq's wire protocol for prepared
statements. But you can prepare and execute statements by issuing the
corresponding SQL (that will use the wire protocol for SQL execution,
which is a tad less efficient but still more efficient than separate
queries).

psycopg2's executemany isn't much more sophisticated than multiple
separate queries since it internally does exactly that. It may be a
tad faster since it's done in C, but I doubt the difference is
significant.

But, if you want an executemany that works in psycopg2 as it would in
pg8000, you can PREPARE and then executemany the EXECUTE queries.
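
The PREPARE-then-executemany approach described in the message above, as an added example (not code from this thread, psycopg2 or SQLAlchemy). The helper name `prepared_executemany`, the `users` table and the recording cursor are assumptions made for illustration; a real psycopg2 cursor can be passed in place of the stand-in.

```python
import re

# Plain lowercase identifier. The statement name and type names are spliced
# into SQL text, so they are validated against this pattern, not quoted.
_IDENT = re.compile(r"[a-z_][a-z0-9_]{0,62}")


def prepared_executemany(cur, name, arg_types, statement, rows):
    """PREPARE once, executemany() one EXECUTE per row, then DEALLOCATE.

    cur: DB-API cursor using %s placeholders (psycopg2 style).
    statement: constant, trusted SQL using $1..$n; never built from input.
    """
    for ident in [name, *arg_types]:
        if not _IDENT.fullmatch(ident):
            raise ValueError("unsafe identifier: %r" % (ident,))
    rows = [tuple(r) for r in rows]
    if not arg_types or any(len(r) != len(arg_types) for r in rows):
        raise ValueError("each row needs one value per declared type")
    cur.execute("PREPARE %s (%s) AS %s" % (name, ", ".join(arg_types), statement))
    # Row values go through the driver's own parameter binding, not string
    # formatting. If this raises, the transaction is aborted: the caller
    # rolls back, and the statement lasts until DEALLOCATE or session end.
    marks = ", ".join(["%s"] * len(arg_types))
    cur.executemany("EXECUTE %s (%s)" % (name, marks), rows)
    cur.execute("DEALLOCATE %s" % name)


class RecordingCursor:
    """Constructed stand-in for a psycopg2 cursor so the example runs offline."""
    def __init__(self):
        self.log = []

    def execute(self, sql, params=None):
        self.log.append((sql, params))

    def executemany(self, sql, seq):
        for params in seq:  # one statement per row, as the message describes
            self.execute(sql, params)


def demo():
    cur = RecordingCursor()
    rows = [(1, "alice"), (2, "O'Brien")]  # constructed sample input
    prepared_executemany(cur, "ins_user", ["int4", "text"],
                         "INSERT INTO users (id, name) VALUES ($1, $2)", rows)
    return cur.log

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The identifier check only accepts simple type names such as `int4` or `text`; types written with spaces, brackets or parentheses would need a wider allow-list.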
