I'm a beginner at python. We use this code to execute SQL commands.
cur.execute("INSERT INTO test (num, data) VALUES (%s, %s)", (100, "abcdef"))
I wonder is this prepared statement or just a client side quoting?
Asked
Active
Viewed 1.9k times
7
Majid Azimi
- 5,575
- 13
- 64
- 113
-
See here: http://stackoverflow.com/questions/6775497/psycopg-get-formatted-sql-instead-of-executing – socketpair Oct 26 '14 at 18:00
3 Answers
21
No, it does not, not for psycopg2 at least. The "Prepare" in the docs refers to a "PREPARE TRANSACTION" which is entirely different than a prepared statement.
You can emulate a prepared statement, by overriding the methods or executing extra statements, however. See: An example of psycopg2 cursor supporting prepared statements
Please see: relevant blog entry for psycopg.
More information:
http://www.postgresql.org/docs/9.2/static/sql-prepare.html
http://www.postgresql.org/docs/current/static/sql-prepare-transaction.html
Richard Gomes
- 5,675
- 2
- 44
- 50
Brian
- 1,026
- 11
- 18
0
psycopg does support prepared statements starting with version 3:
https://www.psycopg.org/psycopg3/docs/advanced/prepare.html#prepared-statements
A query is prepared automatically after it is executed more than prepare_threshold times on a connection.
Mike Siomkin
- 667
- 8
- 15
-8
According to the docs the execute method will "Prepare and execute a database operation (query or command).". So yes, it is a prepared statement.
SpliFF
- 38,186
- 16
- 91
- 120
-
15Actually it currently does not. The "Prepare" in this documentation refers to a "PREPARE TRANSACTION" call required for two-phase commit, not a precompiled SQL statement. – Brian Apr 15 '13 at 18:16