On Thu, 24 Mar 2005 15:03:13 +0100, Fredrik Lundh <[EMAIL PROTECTED]> \ wrote: > Bob Parnes wrote: > >> I must be missing something, so perhaps someone can explain >> the benefit of a paramstyle over the usual Python formatting >> style and maybe suggest a test to show it. Thanks. > > set the parameter to "0; DROP DATABASE template1;" and see what > happens. > > or set it to os.urandom(1000) and run your test a couple of times to see > what happens. >
Thanks for the suggestion. My system does not appear to contain an os.urandom() method. It has a /dev/urandom device, but I don't know how to use it for this purpose, except perhaps to select the first byte that it produces. I have a mediocre talent at programming, which is why I chose python. For me it was a good choice. I note this so that I hope you understand why I say that I don't know what you are driving at. My understanding is that a paramstyle is more efficient than the traditional python approach for repeated use of a query. If so, then I do not see how the choice of a parameter is relevant. If it is more efficient only in a specific abstract case, then one would have to look for other reasons to use it in a practical application. Bob Parnes -- Bob Parnes [EMAIL PROTECTED] -- http://mail.python.org/mailman/listinfo/python-list
