| From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
|---|---|
| To: | Daniele Varrazzo <daniele(dot)varrazzo(at)gmail(dot)com>, Jim Nasby <Jim(dot)Nasby(at)bluetreble(dot)com> |
| Cc: | "psycopg(at)postgresql(dot)org" <psycopg(at)postgresql(dot)org> |
| Subject: | Re: Solving the SQL composition problem |
| Date: | 2017-01-02 17:03:23 |
| Message-ID: | ef4622c4-255b-4bf0-3e4a-a3dc044f5c11@aklaver.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | psycopg |
On 01/02/2017 08:21 AM, Daniele Varrazzo wrote:
> On Mon, Jan 2, 2017 at 4:05 PM, Jim Nasby <Jim(dot)Nasby(at)bluetreble(dot)com> wrote:
>> On 1/1/17 2:11 AM, Daniele Varrazzo wrote:
>>>
>>> sql.SQL("insert into %s values (%%s)") %
>>> [sql.Identifier('mytable')],
>>
>>
>> Since %s isn't standard parameter replacement anyway, I'm wondering if both
>> considerations could just be handled by execute(), by using different
>> replacement syntax. IE:
>>
>> execute('insert into %s values ($1)', [42], ['my table'])
>>
>> Obviously this would be backwards incompatible, but I think that's
>> manageable.
>
> mmm... what I think is that if these objects' replacement rules were
> different one could leave the %s and %(name)s placeholder untouched
> for the query params.
>
> A natural choice could be to use the str.format syntax for the query
> composition, or a subset of it. Hence my example could be:
>
> cur.execute(
> sql.SQL("insert into {} values (%s,
> %s)").format(sql.Identifier('my_table')),
> [10, 20])
I like this, makes it clearer what is an identifier versus a placeholder.
>
> This would largely remove the need for double escaping.
>
> -- Daniele
>
>
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Oswaldo | 2017-01-02 19:33:35 | Re: speed concerns with executemany() |
| Previous Message | Adrian Klaver | 2017-01-02 16:35:08 | Re: speed concerns with executemany() |