Lawrence D'Oliveiro wrote:
> In message <[EMAIL PROTECTED]>, Steve Holden wrote:
>
>> Lawrence D'Oliveiro wrote:
>>
>>> In message <[EMAIL PROTECTED]>, Steve Holden wrote:
>>>
>>>> When you use the DB API correctly and parameterise your queries you still
>>>> need to quote wildcards in search arguments, but you absolutely
>>>> shouldn't quote the other SQL specials.
>>>>
>>>> That's what parameterised queries are for in the first place...
>>>
>>> So you're suggesting I quote the wildcards, then rely on autoquoted
>>> parameters to handle the rest? Unfortunately, that's stupid mistake
>>> number 2.
>>
>> Ah, so your quoting function will deduce the context in which arguments
>> intended for parameter substitution in the query will be used? Or are
>> you suggesting that it's unwise to rely on autoquoted parameters?
>
> No, I'm saying it's _incorrect_ to use the existing autoquoting mechanism in
> combination with a separate function that escapes the wildcards. I
> previously described the two stupid mistakes that can arise from having a
> separate function for doing just the wildcard quoting: this is the second
> one.
>
Sadly your assertions alone fail to convince. Perhaps you could provide a
concrete example?

>> That could have a serious impact on the efficiency of some repeated
>> queries.
>
> Correctness comes before efficiency. It's no point doing it quickly if
> you're doing it wrong.

Indeed not. But there's no point being right if you can't explain why.

regards
 Steve
-- 
Steve Holden       +44 150 684 7255  +1 800 494 3119
Holden Web LLC/Ltd          http://www.holdenweb.com
Skype: holdenweb       http://holdenweb.blogspot.com
Recent Ramblings     http://del.icio.us/steve.holden

-- 
http://mail.python.org/mailman/listinfo/python-list
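As an added example (not code from either poster), here is the DB-API pattern Steve describes: the LIKE pattern is bound as a parameter, so quotes and other SQL specials are handled by the driver, and only the wildcards `%` and `_` inside the user's term are escaped, with an `ESCAPE` clause telling the database which character was used. It uses `sqlite3` against a constructed in-memory table; the table, rows and function names are my own.

```python
import sqlite3

# Constructed sample data (not from the thread); note the rows that contain
# literal LIKE wildcards and a quote character.
SAMPLE_NAMES = ["alice", "100%_done", "bob_smith", "o'brien", "xyz"]


def escape_like(term, esc="\\"):
    """Escape only the LIKE wildcards ('%' and '_') plus the escape char
    itself. Quotes and other SQL specials are deliberately left alone:
    the DB-API placeholder takes care of those."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def build_db():
    """Create an in-memory table holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)",
                     [(n,) for n in SAMPLE_NAMES])
    return conn


def substring_search(conn, term, escape_wildcards=True):
    """Find names containing `term` literally, via a parameterised LIKE.

    The pattern is passed as a bound parameter, so the query text never
    changes; the ESCAPE clause tells SQLite which character neutralises
    wildcards that appear inside the user's term."""
    body = escape_like(term) if escape_wildcards else term
    cur = conn.execute(
        "SELECT name FROM users WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        ("%" + body + "%",),
    )
    return [row[0] for row in cur]


if __name__ == "__main__":
    db = build_db()
    # Wildcards escaped: '_' matches only names that really contain '_'.
    print(substring_search(db, "_"))
    # Wildcards not escaped: '_' means "any one character", so every row matches.
    print(substring_search(db, "_", escape_wildcards=False))
    # The bound parameter handles the quote; no manual quoting is needed.
    print(substring_search(db, "o'brien"))
    # SQL-looking input is just data inside the bound parameter.
    print(substring_search(db, "' OR 1=1 --"))
```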