On 2015-02-19 05:32, Mark Lawrence wrote:
> On 19/02/2015 00:08, Mario Figueiredo wrote:
> > Parameterized queries is just a pet peeve of mine that I wish to
> > include here. SQLite misses it and I miss the fact SQLite misses
> > it. The less SQL one needs to write in their code, the happier
> > one should be.
>
> Instead, use the DB-API’s parameter substitution. Put ? as a
> placeholder wherever you want to use a value, and then provide a
> tuple of values as the second argument to the cursor’s execute()
> method. (Other database modules may use a different placeholder,
> such as %s or :1.) For example:..."
I think Mario was referring to what other back ends call prepared
statements. So you do something like
sql = "..." # parameters are referenced here
conn = sqlite3.connect(...)
stmt = conn.prepare(sql)
for parameters in list_of_parameters:
stmt.execute(*parameters)
This saves the SQL processor from recompiling the SQL into internal
byte-code every time. It's handy if you know a given query will run
multiple times with the same "shape" parameters. It's not essential,
and some optimize away the need, but many back-end interfaces support
it.
-tkc
--
https://mail.python.org/mailman/listinfo/python-list
