Steve, I want to make sure I understand. My test code is below, where ph serves as a placeholder. I am preparing for a case where the number of ? will be driven by the length of the insert record (dx)
dtable= 'DTABLE3' print 'Insert data into table %s, version #3' % dtable ph= '?, ?, ?, ?' sqlx= 'INSERT INTO %s VALUES ( %s ) ' % (dtable,ph) t0a=time.time() for dx in d1: curs1.execute(sqlx,dx) print (time.time()-t0a) print curs1.lastrowid conn1.commit() I think you are saying that sqlx is re-evaluated in each loop, i.e. not the same as pure hard coding of sqlx= 'INSERT INTO DTABLE3 VALUES ( ?, ?, ?, ? ) ' Is that right? Hence (if I understand python convention), this can be solved by adding sqlx= copy.copy(sqlx) before the looping. And in tests adding this step saved about 5-10% in time. And yes, I can see why (B) is always better from a security standpoint. The python solutions for problems such as there are a great help for people like me, in the sense that the most secure way does not have a speed penalty (and in this case is 3-4x faster). -- http://mail.python.org/mailman/listinfo/python-list
