From: | Daniele Varrazzo <daniele(dot)varrazzo(at)gmail(dot)com> |
---|---|
To: | Jim Nasby <Jim(dot)Nasby(at)bluetreble(dot)com> |
Cc: | "psycopg(at)postgresql(dot)org" <psycopg(at)postgresql(dot)org> |
Subject: | Re: Solving the SQL composition problem |
Date: | 2017-01-02 16:21:31 |
Message-ID: | CA+mi_8ZCuTkb9OJc5NRqTBv4R0-ukP3qx1bCGJ6eSS7_3zoRSg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | psycopg |
On Mon, Jan 2, 2017 at 4:05 PM, Jim Nasby <Jim(dot)Nasby(at)bluetreble(dot)com> wrote:
> On 1/1/17 2:11 AM, Daniele Varrazzo wrote:
>>
>> sql.SQL("insert into %s values (%%s)") %
>> [sql.Identifier('mytable')],
>
>
> Since %s isn't standard parameter replacement anyway, I'm wondering if both
> considerations could just be handled by execute(), by using different
> replacement syntax. IE:
>
> execute('insert into %s values ($1)', [42], ['my table'])
>
> Obviously this would be backwards incompatible, but I think that's
> manageable.
mmm... what I think is that if these objects' replacement rules were
different one could leave the %s and %(name)s placeholder untouched
for the query params.
A natural choice could be to use the str.format syntax for the query
composition, or a subset of it. Hence my example could be:
cur.execute(
sql.SQL("insert into {} values (%s,
%s)").format(sql.Identifier('my_table')),
[10, 20])
This would largely remove the need for double escaping.
-- Daniele
From | Date | Subject | |
---|---|---|---|
Next Message | Daniele Varrazzo | 2017-01-02 16:24:47 | Re: speed concerns with executemany() |
Previous Message | Karsten Hilbert | 2017-01-02 16:16:12 | Re: speed concerns with executemany() |