Thread: [SQLObject] Parameterized queryAll...
SQLObject is a Python ORM.
Brought to you by:
ianbicking,
phd
From: Sam's L. <sam...@gm...> - 2009-08-15 05:19:42
QueryAll and QueryOne work okay with strings.

But I'd like to be able to pass parameterized queries to them. Am I correct that this is not supported? What are my options?

I.e. something like this:

queryAll('select * from stocks where symbol=?', (symbol,))

(My actual queries are much more complicated, of course).

I am using PostgreSQL, if it matters.

Thanks
Sam
From: Oleg B. <ph...@ph...> - 2009-08-15 14:48:18
On Fri, Aug 14, 2009 at 10:19:23PM -0700, Sam's Lists wrote:
> QueryAll and QueryOne work okay with strings.
>
> But I'd like to be able to pass parameterized queries to them. Am I correct
> that this is not supported? What are my options?
>
> I.e. something like this:
>
> queryAll('select * from stocks where symbol=?', (symbol,))
>
> (My actual queries are much more complicated, of course).

The best thing would be to merge my work on the parameterized queries at http://svn.colorstudy.com/home/phd/SQLObject/paramstyles/ . Look at sqlobject/include/DBSingleStyle.py and sqlobject/dbconnection.py. I was working on the branch and wanted to merge it into mainline, but at that time Luke Opperman merged his work (all SELECT implementations moved to SQLBuilder, and all implementations use unified sqlbuilder.Select) and the paramstyles branch became too incompatible with the mainline, so I dropped it. Now it requires a lot of work to be merged; actually I think most of the work needs to be redone almost from the beginning; the work must change SQLBuilder instead of DBConnection.

The second option is to create query strings yourself using SQLBuilder.Select or just string interpolation.

Oleg.
--
Oleg Broytmann http://phd.pp.ru/ ph...@ph...
Programmers don't die, they just GOSUB without RETURN.
From: Sam's L. <sam...@gm...> - 2009-08-16 02:02:26
Oleg....

I'm not sure I'm the one to do the merge, you wrote the code, and you seem to know more about SQLObject than anyone else in the world, including I'd guess Ian at this point.

But it does seem like a really cool, and important feature. So if you do decide to merge it at some point, thank you! I know I'll benefit from it and so will many other SQLObject users.

Thanks
Sam
From: Frank W. <fra...@no...> - 2009-08-18 15:51:43
I absolutely second that! I'd love to see parameterized queries in SQLObject, but am unfortunately not a skilled enough programmer to do this kind of work ...

Frank
From: Oleg B. <ph...@ph...> - 2009-08-18 16:16:42
On Tue, Aug 18, 2009 at 05:51:13PM +0200, Frank Wagner wrote:
> I'd love to see parameterized queries in SQLObject

BTW, why? From the user point of view there would be no API change, so what makes parameterized queries so attractive?

Oleg.
--
Oleg Broytmann http://phd.pp.ru/ ph...@ph...
Programmers don't die, they just GOSUB without RETURN.
From: Andrew P. <ape...@gm...> - 2009-08-18 17:19:31
Whoops! Missed the list on that one. Agreed, though. I think prepare statements should be on the todo list. And next...the WORLD! Keep rocking.

-Andrew Peace

On Tue, Aug 18, 2009 at 1:12 PM, Oleg Broytmann<ph...@ph...> wrote:
> On Tue, Aug 18, 2009 at 12:50:29PM -0400, Andrew Peace wrote:
>> I don't get in on the list much (though I read every word :)
>
> So you don't want our conversation to be forwarded to the list?
>
>> but I
>> figured I'd put in my two cents. I see a great reason to include a
>> feature like this: prepared statements.
>> http://dev.mysql.com/tech-resources/articles/4.1/prepared-statements.html
>> http://www.postgresql.org/docs/8.1/interactive/sql-prepare.html
>
> This requires generating a special PREPARE statement that's hard to
> generate in SQLObject even with parametrized queries. More changes will be
> required. I will add prepared statements to my TODO but at the very end.
>
>> http://sqlite.org/c3ref/stmt.html
>
> SQLObject uses PySQLite and PySQLite doesn't seem to export
> prepare-related API.
>
> Oleg.
> --
> Oleg Broytmann http://phd.pp.ru/ ph...@ph...
> Programmers don't die, they just GOSUB without RETURN.

From before:

I don't get in on the list much (though I read every word :) but I figured I'd put in my two cents. I see a great reason to include a feature like this: prepared statements.

It doesn't *appear* that SQLObject/SQLBuilder supports prepared statements, but they can be beneficial. I know in MySQL they help a great deal with preventing SQL injections so the developer doesn't have to worry about it (as much). Also, it allows the query to be parsed only once if it is used repeatedly. This could give a substantial performance boost for large data sets, especially with inserts, updates, and the like.

In any case, the ability to use prepared statements in databases that support them would be nice :D

Some links:
http://dev.mysql.com/tech-resources/articles/4.1/prepared-statements.html
http://www.postgresql.org/docs/8.1/interactive/sql-prepare.html
http://sqlite.org/c3ref/stmt.html
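The trade-off discussed above (string interpolation versus a `queryAll(sql, params)` call, and the SQL injection point), as an added example that is not part of any poster's message and is not SQLObject code. It assumes Python's standard-library sqlite3 as a stand-in database; `query_all_params` and the other function names are hypothetical, and the table rows and input values are constructed.

```python
import sqlite3

# Constructed sample rows; only the `stocks` table and `symbol` column come
# from the query in the thread.
ROWS = [("IBM", 118.5), ("MSFT", 23.6), ("GOOG", 460.0)]
QUERY = "select * from stocks where symbol=?"  # qmark style, as Sam wrote it

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE stocks (symbol TEXT, price REAL)")
    # One SQL text, many parameter sets: the text is identical for every row.
    conn.executemany("INSERT INTO stocks VALUES (?, ?)", ROWS)
    return conn

def query_all_interpolated(conn, symbol):
    # "Just string interpolation": the value is pasted into the SQL text,
    # so any quote character inside it is parsed as SQL syntax.
    sql = "select * from stocks where symbol='%s'" % symbol
    return conn.execute(sql).fetchall()

def query_all_params(conn, sql, params=()):
    # Hypothetical queryAll(sql, params): the SQL text stays fixed and the
    # values are handed to the driver separately as bound parameters.
    return conn.execute(sql, params).fetchall()

def interpolation_fails(conn, symbol):
    # True when the interpolated statement no longer parses at all.
    try:
        query_all_interpolated(conn, symbol)
        return False
    except sqlite3.OperationalError:
        return True

def demo():
    conn = make_db()
    hostile = "x' OR '1'='1"  # constructed value that is not a real symbol
    return {
        "interp_normal": query_all_interpolated(conn, "IBM"),
        "param_normal": query_all_params(conn, QUERY, ("IBM",)),
        "interp_hostile": query_all_interpolated(conn, hostile),  # all rows
        "param_hostile": query_all_params(conn, QUERY, (hostile,)),  # none
        "interp_apostrophe_fails": interpolation_fails(conn, "O'Neil"),
        "param_apostrophe": query_all_params(conn, QUERY, ("O'Neil",)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With PostgreSQL, which Sam uses, DB-API drivers such as psycopg2 spell the placeholder `%s` rather than `?`; the values are still passed as a separate argument, never interpolated by the caller.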
From: Oleg B. <ph...@ph...> - 2009-08-18 17:30:19
On Tue, Aug 18, 2009 at 01:17:22PM -0400, Andrew Peace wrote:
> I think prepare
> statements should be on the todo list. And next...the WORLD!

Well, my TODO is rather big, and I work on it a bit too slow. So the world must wait until we'll be ready to conquer it. ;)

> Keep rocking.

Thank you!

Oleg.
--
Oleg Broytmann http://phd.pp.ru/ ph...@ph...
Programmers don't die, they just GOSUB without return.