durusmail: quixote-users: Re: Popularity of Quixote
Re: Popularity of Quixote
Mike Orr
2005-10-27
The problem is the various databases quote things differently, and
DB-API does little to standardize this.  DB-API defines a high-level
substitution placeholder ('?' or '%s' or '%(name)s' according to the
database -- already a violation of One Way To Do It) but does not
define a low-level escaping.  Additionally, there are two kinds of
escaping: one that puts quotes around non-numeric values (suitable for
literals) and one that doesn't (suitable for table names, database
names, functional expressions, etc -- although I think MySQL allows
quoted table/database names).  You are encouraged to write:

    WHERE my_field >= %s

and let it worry about the quoting.  It works for ordinary strings,
numbers, and None, and generally works with dates.  But if the value
is a built-in expression like 'CURRENT_TIMESTAMP', or you're trying to
convert a list to an IN expression, it doesn't work.  I finally found
an undocumented escape() function in MySQLdb and wrote a Python
function that does what I think it does (replace "'" with "\'" inside
quotes) -- but that's a database-specific implementation issue DB-API
is supposed to avoid.  And if I want to make SQL that's fully portable
between MySQL, SQLite, and PostgreSQL, no can do.  Part of this is the
various incompatible SQL syntaxes, and part is the incompatible
placeholder syntaxes.

--
Mike Orr  or 
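The three cases the message above separates (literal values, identifiers, built-in expressions such as CURRENT_TIMESTAMP) plus the list-to-IN conversion, as an added example that is not part of the original message and uses the standard-library sqlite3 driver. Assumptions: the `events` table, its rows, and the helper names `Expr`, `ident` and `build_select` are hypothetical; identifiers use standard SQL double quotes, which MySQL only accepts in ANSI_QUOTES mode.

```python
import sqlite3

# Positional placeholder per DB-API paramstyle (sqlite3: qmark; MySQLdb: format).
MARKS = {"qmark": "?", "format": "%s"}
# Built-in expressions that belong in the SQL text, never in the bound parameters.
SQL_EXPRESSIONS = {"CURRENT_TIMESTAMP", "CURRENT_DATE"}

class Expr:
    """Marks an allowlisted SQL expression, as opposed to a value to bind."""
    def __init__(self, text):
        if text not in SQL_EXPRESSIONS:
            raise ValueError("expression not in allowlist: %r" % (text,))
        self.text = text

def ident(name, allowed):
    """Identifiers cannot be bound: check an allowlist, then quote (standard SQL)."""
    if name not in allowed:
        raise ValueError("unknown identifier: %r" % (name,))
    return '"' + name.replace('"', '""') + '"'

def build_select(table, column, values, since, allowed, paramstyle="qmark"):
    """Return (sql, params) for: column IN values AND created <= since."""
    mark = MARKS[paramstyle]
    col = ident(column, allowed)
    params = list(values)
    if params:   # one placeholder per element; the values stay out of the SQL text
        in_sql = "%s IN (%s)" % (col, ", ".join([mark] * len(params)))
    else:        # "IN ()" is a syntax error on some databases
        in_sql = "1 = 0"
    if isinstance(since, Expr):
        since_sql = since.text   # fixed keyword, copied into the SQL text
    else:
        since_sql = mark         # ordinary value, bound by the driver
        params.append(since)
    sql = "SELECT id FROM %s WHERE %s AND %s <= %s ORDER BY id" % (
        ident(table, allowed), in_sql, ident("created", allowed), since_sql)
    return sql, params

def demo():
    """Run the builder against an in-memory SQLite table of constructed rows."""
    allowed = {"events", "owner", "created"}
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (id INTEGER, owner TEXT, created TEXT)")
    db.executemany("INSERT INTO events VALUES (?, ?, ?)", [
        (1, "o'brien", "2005-10-01 00:00:00"),
        (2, "alice", "2005-10-02 00:00:00"), (3, "bob", "2005-10-03 00:00:00")])
    sql, params = build_select("events", "owner", ["o'brien", "bob"],
                               Expr("CURRENT_TIMESTAMP"), allowed)
    return sql, [row[0] for row in db.execute(sql, params)]
```

The value containing an apostrophe is never escaped by hand; only the placeholder character and the identifier quoting differ between drivers.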