On 19/02/2015 14:17, Tim Chase wrote:
On 2015-02-19 05:32, Mark Lawrence wrote:
On 19/02/2015 00:08, Mario Figueiredo wrote:
Parameterized queries is just a pet peeve of mine that I wish to
include here. SQLite misses it and I miss the fact SQLite misses
it. The less SQL one needs to write in their code, the happier
one should be.

"Instead, use the DB-API’s parameter substitution. Put ? as a
placeholder wherever you want to use a value, and then provide a
tuple of values as the second argument to the cursor’s execute()
method. (Other database modules may use a different placeholder,
such as %s or :1.) For example:..."

I think Mario was referring to what other back ends call prepared
statements. So you do something like


   sql = "..." # parameters are referenced here
   conn = sqlite3.connect(...)
   stmt = conn.prepare(sql)
   for parameters in list_of_parameters:
     stmt.execute(*parameters)

This saves the SQL processor from recompiling the SQL into internal
byte-code every time.  It's handy if you know a given query will run
multiple times with the same "shape" parameters.  It's not essential,
and some optimize away the need, but many back-end interfaces support
it.

-tkc


Is this https://docs.python.org/3/library/sqlite3.html#sqlite3.Cursor.executemany an equivalent?

--
My fellow Pythonistas, ask not what our language can do for you, ask
what you can do for our language.

Mark Lawrence

--
https://mail.python.org/mailman/listinfo/python-list
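Added example (not part of the original thread): the `?` placeholder substitution and `executemany()` discussed above, run against an in-memory SQLite database, next to a string-built query for comparison. The table, the function names and the sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; the last name contains SQL metacharacters.
ROWS = [("alice", 30), ("bob", 25), ("x' OR '1'='1", 40)]


def load(conn, rows):
    """Insert every row through one statement with ? placeholders."""
    conn.execute("CREATE TABLE users (name TEXT, age INTEGER)")
    # executemany() runs the same SQL text once per parameter tuple,
    # the closest DB-API equivalent of the prepare/execute loop above.
    conn.executemany("INSERT INTO users (name, age) VALUES (?, ?)", rows)
    conn.commit()


def find_bound(conn, name):
    """The value is bound as data and is never parsed as SQL."""
    cur = conn.execute(
        "SELECT name FROM users WHERE name = ? ORDER BY rowid", (name,)
    )
    return [row[0] for row in cur.fetchall()]


def find_concatenated(conn, name):
    """Anti-pattern kept for comparison: the value is spliced into the SQL."""
    cur = conn.execute(
        "SELECT name FROM users WHERE name = '%s' ORDER BY rowid" % name
    )
    return [row[0] for row in cur.fetchall()]


def demo():
    # cached_statements sets how many compiled statements the sqlite3
    # module keeps per connection, so repeated SQL text is not recompiled.
    conn = sqlite3.connect(":memory:", cached_statements=16)
    load(conn, ROWS)
    hostile = ROWS[2][0]
    bound = find_bound(conn, hostile)
    concatenated = find_concatenated(conn, hostile)
    conn.close()
    return bound, concatenated


if __name__ == "__main__":
    bound, concatenated = demo()
    print("bound:       ", bound)
    print("concatenated:", concatenated)
```

The bound lookup returns only the row whose name is literally that string, while the string-built lookup matches every row because the quote characters change the WHERE clause.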
