Hi Sylvain,

Thanks for the quick response.

Yes. I don't know the difference from bind variable to "query substitution". I'm a little confused, I just try to use your language. :)

In Oracle world, we called Binding Variable.

Can you give me a concise example for bound variables supported by BATCH? E.g.

    ls_a1 = 'AA''BB';
    ls_a2 = 'CC''BB';

    cursor_cassandra.execute(
      "
      BEGIN BATCH
        INSERT INTO demo.product(id, description) VALUES (123, ?)
        INSERT INTO demo.product(id, description) VALUES (124, ?)
      APPLY BATCH
      ",
      ls_a1, ls_a2
    )

Thanks,
Charlie | DBA developer

On Wed, Jun 20, 2012 at 11:56 PM, Sylvain Lebresne <sylv...@datastax.com> wrote:
> On Thu, Jun 21, 2012 at 12:06 AM, Data Craftsman
> <database.crafts...@gmail.com> wrote:
>> Hello,
>>
>> CQL BATCH is good for INSERT/UPDATE performance.
>>
>> But it cannot do binding variable, exposed to SQL injection.
>>
>> Is there a plan to make CQL BATCH to support binding variable in near future?
>>
>> e.g.
>> http://code.google.com/a/apache-extras.org/p/cassandra-dbapi2/
>>
>> Query substitution
>> Use named parameters and a dictionary of names and values.
>>
>>>> cursor.execute("SELECT column FROM CF WHERE name=:name", dict(name="Foo"))
>
> That may be a problem with the python driver (cassandra-dbapi2) and
> you'd want to open an issue there.
>
> But note that the "query substitution" of the python driver is *not*
> related to CQL prepared statements (that use question marks for bound
> variables). Those support BATCH all right.
>
> --
> Sylvain
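
An added example, not part of the original thread and not cassandra-dbapi2's own code: a sketch of client-side "query substitution" for a BATCH, showing that a value with an embedded single quote stays one string literal only when the quote is doubled, and what plain string pasting does instead. All helper names and the sample values are constructed for illustration. With a prepared statement (`?` markers) the values travel separately from the query text, so none of this quoting is needed.

```python
import re

# Added illustration; helper names are hypothetical, not cassandra-dbapi2's API.
# Matches either a complete CQL string literal or a :name marker.
_TOKEN = re.compile(r"'(?:[^']|'')*'|:(\w+)")

def cql_literal(value):
    """Render a Python value as a CQL literal."""
    if isinstance(value, bool):
        return "true" if value else "false"
    if isinstance(value, (int, float)):
        return repr(value)
    if isinstance(value, str):
        # CQL escapes a single quote inside a string by doubling it.
        return "'" + value.replace("'", "''") + "'"
    raise TypeError("unsupported parameter type: %s" % type(value).__name__)

def substitute(query, params):
    """Client-side substitution of :name markers, skipping existing literals."""
    def repl(match):
        name = match.group(1)
        if name is None:          # a string literal already in the template
            return match.group(0)
        if name not in params:
            raise KeyError("no value supplied for :%s" % name)
        return cql_literal(params[name])
    return _TOKEN.sub(repl, query)

def naive(query, params):
    """Plain string pasting with no escaping: the pattern to avoid."""
    for name, value in params.items():
        query = query.replace(":" + name, "'%s'" % value)
    return query

def string_literals(cql):
    """Decode every complete string literal found in a CQL statement."""
    return [m.group(0)[1:-1].replace("''", "'")
            for m in _TOKEN.finditer(cql) if m.group(1) is None]

# Constructed sample values containing an embedded single quote.
VALUES = {"d1": "AA'BB", "d2": "CC'BB"}
BATCH = ("BEGIN BATCH "
         "INSERT INTO demo.product(id, description) VALUES (123, :d1) "
         "INSERT INTO demo.product(id, description) VALUES (124, :d2) "
         "APPLY BATCH")

if __name__ == "__main__":
    print(substitute(BATCH, VALUES))
    print(string_literals(substitute(BATCH, VALUES)))
    print(string_literals(naive(BATCH, VALUES)))
```

Comparing the two `string_literals` results shows the difference: the quoted form yields exactly the two supplied values, while the pasted form splits them and absorbs part of the second INSERT into a literal.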