On Thu, Jun 21, 2012 at 12:06 AM, Data Craftsman
<database.crafts...@gmail.com> wrote:
> Hello,
>
> CQL BATCH is good for INSERT/UPDATE performance.
>
> But it cannot bind variables, so it is exposed to SQL injection.
>
> Is there a plan to make CQL BATCH support bound variables in the near future?
>
> e.g.
> http://code.google.com/a/apache-extras.org/p/cassandra-dbapi2/
>
> Query substitution
> Use named parameters and a dictionary of names and values.
>
> >>> cursor.execute("SELECT column FROM CF WHERE name=:name", dict(name="Foo"))

That may be a problem with the python driver (cassandra-dbapi2) and
you'd want to open an issue there.

But note that the "query substitution" of the python driver is *not*
related to CQL prepared statements (that use question marks for bound
variables). Those support BATCH all right.

--
Sylvain
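
The client-side "query substitution" discussed in this thread, applied to a BATCH, as an added example that is not part of the original messages and is not cassandra-dbapi2's code. The helper names, table names and sample values are constructed for illustration. With the prepared statements mentioned in the reply, the `?` markers stay in the query text and the values are sent separately instead.

```python
import re

# A complete CQL string literal; '' inside it is an escaped single quote.
_LITERAL = r"'(?:[^']|'')*'"
# Literal OR :name placeholder, so placeholders inside literals are skipped.
_TOKEN = re.compile(_LITERAL + r"|:(\w+)")

def cql_literal(value):
    """Render a Python value as a CQL literal (hypothetical helper)."""
    if isinstance(value, bool):
        return "true" if value else "false"
    if isinstance(value, (int, float)):
        return repr(value)
    if isinstance(value, str):
        # Doubling the quote keeps the whole value inside one string literal.
        return "'" + value.replace("'", "''") + "'"
    raise TypeError("unsupported parameter type: %s" % type(value).__name__)

def substitute(query, params):
    """Fill :name placeholders on the client, before the query is sent."""
    def repl(match):
        name = match.group(1)
        if name is None:              # literal already present in the query
            return match.group(0)
        if name not in params:
            raise KeyError("no value supplied for :%s" % name)
        return cql_literal(params[name])
    return _TOKEN.sub(repl, query)

def string_literals(cql):
    """Return the decoded string literals a CQL parser would see."""
    return [m[1:-1].replace("''", "'") for m in re.findall(_LITERAL, cql)]

def count_statements(cql):
    """Count ';' terminators that fall outside string literals."""
    return re.sub(_LITERAL, "", cql).count(";")

# Constructed sample: one BATCH, one value containing a quote and a ';'.
BATCH = (
    "BEGIN BATCH\n"
    "  UPDATE users SET city = :city WHERE name = :name;\n"
    "  UPDATE audit SET note = 'set :city' WHERE name = :name;\n"
    "APPLY BATCH"
)
PARAMS = {"name": "O'Brien; Jr.", "city": "Austin"}

if __name__ == "__main__":
    print(substitute(BATCH, PARAMS))
```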
