I'm a beginner at python. We use this code to execute SQL commands.
cur.execute("INSERT INTO test (num, data) VALUES (%s, %s)", (100, "abcdef"))
I wonder is this prepared statement or just a client side quoting?
I'm a beginner at python. We use this code to execute SQL commands.
cur.execute("INSERT INTO test (num, data) VALUES (%s, %s)", (100, "abcdef"))
I wonder is this prepared statement or just a client side quoting?
No, it does not, not for psycopg2 at least. The "Prepare" in the docs refers to a "PREPARE TRANSACTION" which is entirely different than a prepared statement.
You can emulate a prepared statement, by overriding the methods or executing extra statements, however. See: An example of psycopg2 cursor supporting prepared statements
Please see: relevant blog entry for psycopg.
More information:
http://www.postgresql.org/docs/9.2/static/sql-prepare.html
http://www.postgresql.org/docs/current/static/sql-prepare-transaction.html
According to the docs the execute method will "Prepare and execute a database operation (query or command).". So yes, it is a prepared statement.