On Sun, Feb 05, 2012 at 10:11:24AM +0800, Paul Wise wrote:
> On Sun, Feb 5, 2012 at 12:29 AM, Andreas Tille wrote:
>
> > The quotation is actually used to feed strings into prepared statements.
>
> That's confusing, isn't the whole point of prepared statements that you
> don't have to escape things?

Hmmm, good point. I have not invented this quote function which has the
additional purpose to care for proper utf-8 encoding. The current
ddtp_gatherer.py is using things like:

    query = "PREPARE ddtp_delete (text, text) AS DELETE FROM %s WHERE release = $1 AND language = $2" % my_config['table']
    cur.execute(query)
    ...
    query = "EXECUTE ddtp_delete (%s, %s)" % (quote(rel), quote(lang))
    cur.execute(query)

At least the code I wrote is using quote exclusively in connection with
EXECUTE of a previously PREPAREd statement. The purpose was the
(enforced) UTF-8 conversion. When using it with PostgreSQL I needed to
change the quoting as described in the initial mail.

Can anybody from the original coders please comment?

Kind regards

      Andreas.

--
http://fam-tille.de
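An added example, not part of the original message or of ddtp_gatherer.py: one way to issue the same PREPARE/EXECUTE pair while handing the values to the DB-API driver for binding instead of a hand-written quote(). It assumes a psycopg2-style cursor (%s placeholders); safe_table, prepare_delete, run_delete and RecordingCursor are hypothetical names, and RecordingCursor is only a stand-in so the block runs without a database.

```python
import re

# Assumption: table names are plain lower-case SQL identifiers.
_IDENT = re.compile(r"[a-z_][a-z0-9_]*")


def safe_table(name):
    """Identifiers cannot be bound as parameters, so allow-list their shape."""
    if not _IDENT.fullmatch(name):
        raise ValueError("unexpected table name: %r" % (name,))
    return name


def prepare_delete(cur, table):
    """Issue the PREPARE once per connection; only the table name is interpolated."""
    cur.execute(
        "PREPARE ddtp_delete (text, text) AS "
        "DELETE FROM %s WHERE release = $1 AND language = $2" % safe_table(table)
    )


def run_delete(cur, rel, lang):
    """EXECUTE with the values passed separately from the SQL text."""
    # The driver escapes and encodes rel and lang; no quote() call is needed.
    cur.execute("EXECUTE ddtp_delete (%s, %s)", (rel, lang))


class RecordingCursor:
    """Stand-in for a DB-API cursor: records what would be sent."""

    def __init__(self):
        self.calls = []

    def execute(self, sql, params=None):
        self.calls.append((sql, params))


if __name__ == "__main__":
    cur = RecordingCursor()
    prepare_delete(cur, "ddtp")
    # Constructed sample values: an embedded quote and a non-ASCII character.
    run_delete(cur, "sid'; --", "pt_BR\u00e9")
    for sql, params in cur.calls:
        print(sql, params)
```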