On 2/14/13 9:23 AM, Manlio Perillo wrote:
> 1) always use PQsendQueryParams functions.
>
> This will avoid having to escape parameters, as it is done in psycopg2
> (IMHO it still uses simple query protocol for compatibility purposes)
I think the reason this doesn't work is that in order to prepare a query
you need to know the parameter types, but you don't know that in Python,
or at least with the way the DB-API works. For example, if you write

    cur.execute("SELECT * FROM tbl WHERE a = %s AND b = %s", (val1, val2))

what types will you pass to PQsendQueryParams?
You can make some obvious heuristics, but this sort of thing can get
complicated pretty quickly.
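
An added illustration, not part of the original message and not psycopg2 code: a sketch of the kind of type heuristic the reply refers to, mapping the Python values of a DB-API `execute()` call to the `paramTypes` OIDs that `PQsendQueryParams` takes. The names `infer_oid` and `to_server_side` are hypothetical; the OIDs are PostgreSQL's built-in type OIDs, and 0 is the value libpq accepts to let the server infer a parameter's type.

```python
import datetime
import decimal
import re

# PostgreSQL built-in type OIDs (pg_type catalog). In libpq's paramTypes
# array, 0 means "unspecified": the server infers the type itself.
OID_UNSPECIFIED, OID_BOOL, OID_BYTEA, OID_INT8, OID_INT4 = 0, 16, 17, 20, 23
OID_FLOAT8, OID_DATE, OID_TIMESTAMP, OID_TIMESTAMPTZ, OID_NUMERIC = 701, 1082, 1114, 1184, 1700

def infer_oid(value):
    """Hypothetical heuristic: map one Python value to a parameter type OID."""
    if value is None or isinstance(value, str):
        # None carries no type at all, and a str may be meant for a text,
        # date, inet or enum column: leave the decision to the server.
        return OID_UNSPECIFIED
    if isinstance(value, bool):          # must precede int: bool subclasses int
        return OID_BOOL
    if isinstance(value, int):           # Python ints are unbounded
        if -2**31 <= value < 2**31:
            return OID_INT4
        return OID_INT8 if -2**63 <= value < 2**63 else OID_NUMERIC
    if isinstance(value, float):
        return OID_FLOAT8
    if isinstance(value, decimal.Decimal):
        return OID_NUMERIC
    if isinstance(value, (bytes, bytearray, memoryview)):
        return OID_BYTEA
    if isinstance(value, datetime.datetime):   # must precede date (subclass)
        return OID_TIMESTAMPTZ if value.tzinfo is not None else OID_TIMESTAMP
    if isinstance(value, datetime.date):
        return OID_DATE
    raise TypeError(f"no heuristic for {type(value).__name__}")

def to_server_side(query, params):
    """Rewrite DB-API '%s' placeholders to '$n' and infer one OID per value."""
    # Naive rewrite: it does not skip '%s' inside SQL string literals.
    n = 0
    def repl(match):
        nonlocal n
        if match.group(0) == "%%":       # DB-API escape for a literal percent
            return "%"
        n += 1
        return f"${n}"
    text = re.sub(r"%%|%s", repl, query)
    if n != len(params):
        raise ValueError("placeholder count does not match parameter count")
    return text, [infer_oid(v) for v in params]
```

With values bound as parameters instead of spliced into the SQL text, no escaping is involved; the remaining difficulty is the typing decision shown in `infer_oid`, such as an `int` that fits `int4` being compared against a `numeric` or `int8` column.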