prepared statements using psycopg

2019-07-06 16:58发布

问题:

I'm a beginner at python. We use this code to execute SQL commands.

cur.execute("INSERT INTO test (num, data) VALUES (%s, %s)", (100, "abcdef"))

I wonder is this prepared statement or just a client side quoting?

回答1:

No, it does not, not for psycopg2 at least. The "Prepare" in the docs refers to a "PREPARE TRANSACTION" which is entirely different than a prepared statement.

You can emulate a prepared statement, by overriding the methods or executing extra statements, however. See: An example of psycopg2 cursor supporting prepared statements

Please see: relevant blog entry for psycopg.

More information:

http://www.postgresql.org/docs/9.2/static/sql-prepare.html
http://www.postgresql.org/docs/current/static/sql-prepare-transaction.html



回答2:

According to the docs the execute method will "Prepare and execute a database operation (query or command).". So yes, it is a prepared statement.