Menu
▾
▴
[Pypgsql-users] Prepared Statements
|
From: Ben L. <be...@zu...> - 2003-04-14 11:12:50
|
Hi,
In my program I was building SQL queries in this fashion:
sql = "SELECT wibble FROM wobble "
sql += " WHERE somefield = '%s';" % some_variable
cursor.execute(sql)
Doing it properely gives me flexibility, especially with regard to quoting
bytea values, and security, viz:
cursor.execute("SELECT wibble FROM wobble WHERE somefield = %s;",
some_variable)
However, some of my SQL statements get rather complicated, is there a way of
building one up gradually then passing it to cursor.execute()? Sometimes I
need to include/exclude entire subclauses.
Thanks,
Ben Lamb.
|
