Il giorno mar, 22-03-2005 alle 22:07 +0100, Stephane Bortzmeyer ha
scritto:
> On Tue, Mar 22, 2005 at 09:52:20PM +0100,
> Federico Di Gregorio <fog-NGVKUo/i/6DYtjvyW6yDsg@xxxxxxxxxxxxxxxx> wrote
> a message of 18 lines which said:
>
> > > I find that PEP 249 is quite short on the paramstyle field of the DB
> > > module. Apparently (see file attached), psycopg quotes the parameters
> > > of type string but PoPy does not, making very difficult to port a
> > > program between the two.
> > >
> > > Which one is right?
> >
> > PoPy is wrong.
>
> Can you substantiate the claim so that the PoPy people can act for the
> next release? As I said, PEP-249 seems unclear to me.
Yes. There was a discussion on the db-sig mailing list about 2 years ago
and almost all driver developers agreed that the query string should NOT
be quoted while the bound variables SHOULD ALWAYS be quoted. Python's
string, int and float types can be passed to the driver as is while
complex types (dates, etc.) should be wrapped using one of the function
described in the PEP. Data types not described in the PEP are left to
the implementation.
Also, bound variables should be used for DATA only, not for table or
column names. If you need to build the query dinamically first build it
(embedding variable markers) and then pass to .execute() the query and
the list of bound variables to be quoted.
psycopg 1 follows the PEP very closely and *requires* you to wrap
anything else than string, int and float. I advocated round-trip and
adaptation on the db-sig but my arguments didn't get through.
psycopg 2 and pysqlite will (psycopg 2 already does) both support
round-trip and adaptation and we'll (me and pysqlite author) probably
try to push for a revised PEP in the future.
hope this helps,
federico
|
