
Python has all sorts of libraries to interface with databases, which provide a nice way to build SQL queries without worrying about SQL injections. For instance, with sqlite3:

import sqlite3
conn = sqlite3.connect(':memory:')
c = conn.cursor()
c.execute('create table stocks (date text, trans text, symbol text, qty real, price real)')
# each tuple is bound to the ? placeholders by the driver, not pasted into the SQL text
for t in [('2006-03-28', 'BUY', 'IBM', 1000, 45.00),
          ('2006-04-05', 'BUY', 'MSOFT', 1000, 72.00),
          ('2006-04-06', 'SELL', 'IBM', 500, 53.00),
         ]:
    c.execute('insert into stocks values (?,?,?,?,?)', t)

The trouble is, I don't want to execute the query, I just want to format it and get the query as a string. I guess I could escape things myself, but it's not a very elegant solution. There has to be a way to get the formatted queries without actually connecting to a database and running them.

(The context is that I'm writing a filter which prepares a series of SQL statements from the input, but I don't want to run them on a specific database, just save them for later.)

    I don't believe that's something Python is doing... isn't the ability to use parameters handled at the driver level? i.e., I would use the exact same SQL code in ASP.Net or Java to talk to the database. Commented Sep 27, 2011 at 22:40

1 Answer


There has to be a way to get the formatted queries without actually connecting to a database and running them

Not really.

The RDBMS handles this internally with "prepared queries" and "bind variables". The "formatted" doesn't actually exist. Anywhere.


1 Comment

Whoops, I didn't know about this at all, I thought this was only a convenient way to take care of escaping. As it turns out, this question is irrelevant; I learnt something new today. :-) If someone else was confused by this, see: secure.wikimedia.org/wikipedia/en/wiki/Prepared_statement
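The point the answer makes, shown in running code. This is an added example, not part of the thread above: the table and rows mirror the question, while the lookup functions, the injection string and the save/replay helpers are constructed for the demonstration. It uses only the standard-library sqlite3 module. The same value is sent once by string formatting and once as a bound parameter; only the formatted path lets a quote character rewrite the statement. The last two functions show what the questioner can actually save for later: the template and the parameter tuples, kept separate, so that binding still happens at execution time.

```python
import sqlite3

# Constructed sample data, mirroring the rows in the question.
ROWS = [
    ('2006-03-28', 'BUY', 'IBM', 1000, 45.00),
    ('2006-04-05', 'BUY', 'MSOFT', 1000, 72.00),
    ('2006-04-06', 'SELL', 'IBM', 500, 53.00),
]

# Constructed injection payload: closes the string literal and appends a tautology.
HOSTILE_SYMBOL = "IBM' OR '1'='1"


def fresh_db():
    """In-memory database holding the question's stocks table, initially empty."""
    conn = sqlite3.connect(':memory:')
    conn.execute('create table stocks (date text, trans text, symbol text, qty real, price real)')
    return conn


def load(conn, rows):
    """Insert with bound parameters: the SQL text is parsed once with the
    ? placeholders and each tuple is attached to the compiled statement.
    No string containing the values is ever built on the Python side."""
    conn.executemany('insert into stocks values (?,?,?,?,?)', rows)
    conn.commit()
    return conn


def lookup_formatted(conn, symbol):
    """Unsafe: the value is spliced into the SQL text before SQLite parses it,
    so quote characters in the value change the statement's structure."""
    sql = "select symbol from stocks where symbol = '%s'" % symbol
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, symbol):
    """Safe: the value is bound to a placeholder after parsing, so it can only
    ever be compared as a string, however many quotes it contains."""
    sql = 'select symbol from stocks where symbol = ?'
    return [row[0] for row in conn.execute(sql, (symbol,))]


def save_for_later(rows):
    """What can actually be persisted: the template and the parameter tuples,
    kept apart. Serialising them (JSON, pickle, ...) preserves the separation;
    rendering them into one string would throw it away."""
    template = 'insert into stocks values (?,?,?,?,?)'
    return [(template, tuple(row)) for row in rows]


def replay(conn, statements):
    """Execute saved (template, params) pairs later, still with binding."""
    for template, params in statements:
        conn.execute(template, params)
    conn.commit()
    return conn.execute('select count(*) from stocks').fetchone()[0]


if __name__ == '__main__':
    db = load(fresh_db(), ROWS)
    print(lookup_bound(db, HOSTILE_SYMBOL))        # [] : the payload is compared as data
    print(lookup_formatted(db, HOSTILE_SYMBOL))    # ['IBM', 'MSOFT', 'IBM'] : the tautology matched every row
    print(replay(fresh_db(), save_for_later(ROWS)))  # 3
```

One caveat for readers using other drivers: some of them interpolate parameters client-side and will hand you the rendered string (psycopg2's `cursor.mogrify()`, for instance). That string is the driver's own escaping, not a server-side prepared statement, and it is not portable between drivers. The thing worth saving is still the (template, parameters) pair.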
