On 02/19/2015 09:03 AM, Tim Chase wrote:
> On 2015-02-19 15:04, Mark Lawrence wrote:
>> On 19/02/2015 14:17, Tim Chase wrote:
>>>>> Parameterized queries is just a pet peeve of mine that I wish to
>>>>> include here. SQLite misses it and I miss the fact SQLite misses
>>>>> it. The less SQL one needs to write in their code, the happier
>>>>> one should be.
>>>>
>>>> Instead, use the DB-API's parameter substitution. Put ? as a
>>>> placeholder wherever you want to use a value, and then provide a
>>>> tuple of values as the second argument to the cursor's execute()
>>>> method. (Other database modules may use a different placeholder,
>>>> such as %s or :1.) For example:..."
>>>
>>> I think Mario was referring to what other back ends call prepared
>>> statements.
>>
>> Is this
>> https://docs.python.org/3/library/sqlite3.html#sqlite3.Cursor.executemany
>> an equivalent?
>
> Depends on whether sqlite3.Cursor.executemany() uses
>
> https://www.sqlite.org/c3ref/stmt.html
>
> under the hood.

So it seems that SQLite does have prepared statements -- they are just accessible from the API and not from SQL.

Regarding Mark's question I would say that a more significant difference is that executemany() requires you to know all the bind parameter values at the time the statement is executed. A prepared statement does not require you to know any of the bind parameter values when you prepare the statement -- they are supplied to the prepared statement at any later time or times when you execute the prepared statement.
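The placeholder binding discussed in this thread, as an added example that is not code from any of the posters: the same SQL text is executed at different times with values bound through ? placeholders, and a hostile string is compared against a concatenated query. The users table, its rows and the helper names are constructed for illustration.

```python
import sqlite3

# SQL text is fixed once; values are bound at each execution.
SQL_INSERT = "INSERT INTO users (name, role) VALUES (?, ?)"
SQL_LOOKUP = "SELECT role FROM users WHERE name = ?"

# Constructed sample rows (not from the thread).
CONSTRUCTED_ROWS = [("alice", "admin"), ("bob", "user")]


def build_db():
    # cached_statements sets how many compiled statements the sqlite3
    # module keeps per connection, so repeated SQL text is not re-parsed.
    conn = sqlite3.connect(":memory:", cached_statements=16)
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)")
    return conn


def load_users(conn, rows):
    # executemany() takes any iterable of parameter tuples.
    conn.executemany(SQL_INSERT, rows)
    conn.commit()


def lookup_bound(conn, name):
    # The value travels as a bind parameter and is never parsed as SQL.
    return sorted(r[0] for r in conn.execute(SQL_LOOKUP, (name,)))


def lookup_concatenated(conn, name):
    # String building, the pattern the quoted documentation warns against.
    query = "SELECT role FROM users WHERE name = '" + name + "'"
    return sorted(r[0] for r in conn.execute(query))


def demo():
    conn = build_db()
    load_users(conn, (row for row in CONSTRUCTED_ROWS))
    hostile = "nobody' OR '1'='1"  # constructed input
    results = {
        "bound_known": lookup_bound(conn, "alice"),
        "bound_hostile": lookup_bound(conn, hostile),
        "concat_hostile": lookup_concatenated(conn, hostile),
    }
    # Later execution of the same INSERT text with a value not known earlier:
    # the hostile string is stored verbatim as an ordinary name.
    load_users(conn, [(hostile, "guest")])
    results["bound_after_insert"] = lookup_bound(conn, hostile)
    conn.close()
    return results


if __name__ == "__main__":
    print(demo())
```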