问题
I'm a beginner at python. We use this code to execute SQL commands.
cur.execute("INSERT INTO test (num, data) VALUES (%s, %s)", (100, "abcdef"))
I wonder is this prepared statement or just a client side quoting?
回答1:
No, it does not, not for psycopg2 at least. The "Prepare" in the docs refers to a "PREPARE TRANSACTION" which is entirely different than a prepared statement.
You can emulate a prepared statement, by overriding the methods or executing extra statements, however. See: An example of psycopg2 cursor supporting prepared statements
Please see: relevant blog entry for psycopg.
More information:
http://www.postgresql.org/docs/9.2/static/sql-prepare.html
http://www.postgresql.org/docs/current/static/sql-prepare-transaction.html
回答2:
According to the docs the execute method will "Prepare and execute a database operation (query or command).". So yes, it is a prepared statement.
来源:https://stackoverflow.com/questions/9866350/prepared-statements-using-psycopg