
Strings: double versus single quotes

On 24/05/20 5:43 PM, Frank Millman wrote:
> On 2020-05-23 9:45 PM, DL Neil via Python-list wrote:
>> My habit with SQL queries is to separate them from other code, cf the 
>> usual illustration of having them 'buried' within the code, 
>> immediately before, or even part of, the query call.
> I like that idea, as I find that I am embedding more and more SQL in my 
> code.
> How do you handle parameters? Do you leave placeholders ('?' or '%s') in 
> the query, and leave it to the 'importer' of the query to figure out 
> what is required?

Yes. Most "connector" software includes a feature which auto-magically 
escapes all variable-data - a valuable safety feature!

I've been experimenting by going further and providing app.devs with 
functions/methods, a mini-API if you will. Given that many?most don't 
like having to deal with SQL, the extra 'insulation' boosts my personal 
(and I need as much of that as I can get!)
Regards =dn
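
The approach discussed in this message, as an added example that is not part of the original post: SQL text is kept in one place with `?` placeholders, and a small wrapper class exposes functions so that calling code passes only Python values, which the connector binds as parameters. The table, the `CustomerStore` class and the sample names are hypothetical, and `sqlite3` stands in for whichever connector is in use.

```python
import sqlite3

# --- queries kept apart from the calling code (would live in their own module) ---
# sqlite3 uses the qmark ('?') placeholder style; other connectors use '%s' or named styles.
SQL_CREATE = "CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT NOT NULL)"
SQL_INSERT = "INSERT INTO customer (name) VALUES (?)"
SQL_FIND_BY_NAME = "SELECT id, name FROM customer WHERE name = ?"
SQL_COUNT = "SELECT COUNT(*) FROM customer"


class CustomerStore:
    """Hypothetical mini-API: callers pass Python values, never SQL text."""

    def __init__(self, conn):
        self._conn = conn
        self._conn.execute(SQL_CREATE)

    def add(self, name):
        # The value travels as a bound parameter, separate from the statement text.
        cur = self._conn.execute(SQL_INSERT, (name,))
        self._conn.commit()
        return cur.lastrowid

    def find_by_name(self, name):
        return self._conn.execute(SQL_FIND_BY_NAME, (name,)).fetchall()

    def count(self):
        return self._conn.execute(SQL_COUNT).fetchone()[0]


def demo():
    store = CustomerStore(sqlite3.connect(":memory:"))
    store.add("Alice")
    store.add("O'Brien")  # embedded single quote needs no manual escaping
    # Constructed input that would widen the WHERE clause if the query
    # were built by string formatting instead of parameter binding.
    hostile = "x' OR '1'='1"
    return {
        "quote": store.find_by_name("O'Brien"),
        "hostile": store.find_by_name(hostile),
        "count": store.count(),
    }


if __name__ == "__main__":
    print(demo())
```

Because the hostile string is bound as a value, it is compared literally against `name` and matches no rows.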