[Twisted-Python] quoting strings in db transactions
Andrew Bennetts
andrew-twisted at puzzling.org
Tue Feb 18 17:29:07 MST 2003
On Tue, Feb 18, 2003 at 05:08:23PM +0100, Federico Di Gregorio wrote:
> hi *,
>
> i'm going through the twisted.enterprise python code and i find almost
> everywhere comments as:
>
> safe(text)
> Make a string safe to include in an SQL statement
>
> or
> escape_string(self, text)
> Escape a string for use in an SQL statement.
>
> imho, this is plain wrong. twisted uses dbapi compliant adapters and
> they *should* provide safe argument quoting (as per DBAPI-2.0.) it is
> almost impossible to manage the quoting the right way for every db
> adapter, but it is possible to call the driver the right way and let it
> do the quoting.
They should provide it -- but they provide it differently, which
unfortunately DBAPI-2.0 allows. See the docs for the 'paramstyle' module
attribute at:
http://www.python.org/topics/database/DatabaseAPI-2.0.html
I don't see any sane way to provide safe automatic quoting in adbapi, but
I'd love to be proved wrong.
> also, how mature is the enterprise code? is it a stable API or
> is there space for contributions?
The module and package docstrings don't have a "Stability: ..." line, so
the API is officially unstable. Patches are welcome :)
-Andrew.
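
An added example, not part of the original message or of twisted.enterprise: a sketch of handling the 'paramstyle' differences discussed above by rewriting one placeholder syntax into the driver's own style and letting the driver bind the values. The names `adapt`, `demo` and `STYLES` are hypothetical, and the rewrite assumes the SQL template contains no quoted literal with `:name` inside it.

```python
import re
import sqlite3

# Matches ':name' but not the second colon of a '::cast'.
_PLACEHOLDER = re.compile(r"(?<!:):([A-Za-z_][A-Za-z0-9_]*)")

# The five paramstyle values defined by DBAPI-2.0.
STYLES = {
    "qmark": lambda name, pos: "?",
    "numeric": lambda name, pos: ":%d" % pos,
    "named": lambda name, pos: ":" + name,
    "format": lambda name, pos: "%s",
    "pyformat": lambda name, pos: "%(" + name + ")s",
}

def adapt(sql, params, paramstyle):
    """Return (sql, args) for cursor.execute(); values are bound, never interpolated."""
    if paramstyle not in STYLES:
        raise ValueError("unknown paramstyle: %r" % (paramstyle,))
    names = []

    def repl(match):
        name = match.group(1)
        params[name]  # KeyError if the caller supplied no value
        names.append(name)
        return STYLES[paramstyle](name, len(names))

    if paramstyle in ("format", "pyformat"):
        sql = sql.replace("%", "%%")  # a literal % must be doubled in these styles
    out = _PLACEHOLDER.sub(repl, sql)
    if paramstyle in ("named", "pyformat"):
        return out, {n: params[n] for n in names}
    return out, tuple(params[n] for n in names)

def demo():
    # Constructed hostile input: it must be stored as data, not parsed as SQL.
    hostile = "x'); DROP TABLE users; --"
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    sql, args = adapt("INSERT INTO users (name) VALUES (:name)",
                      {"name": hostile}, sqlite3.paramstyle)
    conn.execute(sql, args)
    return conn.execute("SELECT name FROM users").fetchall()

if __name__ == "__main__":
    print(demo())
```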