
Re: [UDD] Changing aux.py to fix quoting



On Sun, Feb 05, 2012 at 10:11:24AM +0800, Paul Wise wrote:
> On Sun, Feb 5, 2012 at 12:29 AM, Andreas Tille wrote:
> 
> > The quotation is actually used to feed strings into prepared statements.
> 
> That's confusing, isn't the whole point of prepared statements that you
> don't have to escape things?

Hmmm, good point.  I have not invented this quote function which has the
additional purpose to care for proper utf-8 encoding.

The current ddtp_gatherer.py is using things like:

  query = "PREPARE ddtp_delete (text, text) AS DELETE FROM %s WHERE release = $1 AND language = $2" % my_config['table']
  cur.execute(query)
  ...
  query = "EXECUTE ddtp_delete (%s, %s)" % (quote(rel), quote(lang))
  cur.execute(query) 

At least the code I wrote is using quote exclusively in connection with
EXECUTE of a previously PREPAREd statement.  The purpose was the
(enforced) UTF-8 conversion.  When using it with PostgreSQL I needed
to change the quoting as described in the initial mail.

Can anybody from the original coders please comment?

Kind regards

     Andreas.

-- 
http://fam-tille.de
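
An added example, not part of the original mail or of the UDD code: it contrasts building the statement text with a hand-written quote function against passing the values as bound parameters, which is the point raised in the quoted question. It uses the standard-library sqlite3 module so that it runs offline; the table, the sample rows and `naive_quote` are constructed for illustration, and the psycopg2 call in the comment assumes psycopg2 as the PostgreSQL driver.

```python
import sqlite3

# Constructed sample rows (release, language, description); not UDD data.
ROWS = [
    ("sid", "de", "Übersetzung"),
    ("sid", "pt_BR", "tradução"),
    ("o'hare", "de", "release name containing an apostrophe"),
]


def naive_quote(value):
    """Hypothetical hand-written quote(): wraps the value, escapes nothing."""
    return "'" + value + "'"


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE ddtp (release TEXT, language TEXT, description TEXT)")
    con.executemany("INSERT INTO ddtp VALUES (?, ?, ?)", ROWS)
    return con


def delete_interpolated(con, rel, lang):
    """Build the statement text from data, as quote()-based code does."""
    query = "DELETE FROM ddtp WHERE release = %s AND language = %s" % (
        naive_quote(rel), naive_quote(lang))
    try:
        return con.execute(query).rowcount
    except sqlite3.OperationalError as exc:
        return "error: %s" % exc


def delete_bound(con, rel, lang):
    """Pass values apart from the statement; the driver quotes and encodes."""
    # Assumed psycopg2 equivalent for the prepared statement in the mail:
    #   cur.execute("EXECUTE ddtp_delete (%s, %s)", (rel, lang))
    cur = con.execute(
        "DELETE FROM ddtp WHERE release = ? AND language = ?", (rel, lang))
    return cur.rowcount


def descriptions(con, lang):
    """Non-ASCII text round-trips through bound parameters unchanged."""
    cur = con.execute("SELECT description FROM ddtp WHERE language = ?", (lang,))
    return [row[0] for row in cur]
```

With the apostrophe-bearing release name, the interpolated form fails to parse while the bound form deletes exactly the intended row.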

