指定绑定变量后的实际SQL语句 [英] Actual SQL statement after bind variables specified

问题描述

我正在尝试记录从脚本执行的每个SQL语句.但是，我考虑了一个我无法克服的问题.

I am trying to log every SQL statement executed from my scripts. However I contemplate one problem I can not overcome.

在指定了绑定变量之后，是否有一种方法可以计算实际的SQL语句.在SQLite中，我必须使用以下代码计算要手动执行的语句:

Is there a way to compute actual SQL statement after bind variables were specified. In SQLite I had to compute the statement to be executed manually, using code below:

def __sql_to_str__(self, value,args):
    for p in args:
        if type(p) is IntType or p is None:
            value = value.replace("?", str(p) ,1)
        else:
            value = value.replace("?",'\'' + p + '\'',1)
    return value

似乎CX_Oracle具有 cursor.parse()功能.但是我不知道如何在执行之前欺骗CX_Oracle以计算我的查询.

It seems CX_Oracle has cursor.parse() facilities. But I can't figure out how to trick CX_Oracle to compute my query before its execution.

推荐答案

查询从不计算为单个字符串.查询的实际文本和参数是从不插值，并且不要生成一个真正的完整字符串.

The query is never computed as a single string. The actual text of the query and the params are never interpolated and don't produce a real full string with both.

这就是使用参数化查询的全部要点-将查询与数据分开-一次性阻止sql注入和限制，并允许轻松进行查询优化.该数据库既可以分开获取，也可以执行需要做的事情，而无需将它们连接在一起.

That's the whole point of using parameterized queries - you separate the query from the data - preventing sql injections and limitations all in one go, and allowing easy query optimization. The database gets both separately, and does what it needs to do, without ever joining them together.

也就是说，您可以自己生成查询，但是请注意，虽然生成的查询可能等效，但并不是在数据库上实际执行的查询.

That said, you could generate the query yourself, but note that the query you generate, although probably equivalent, is not what gets actually executed on the database.

这篇关于指定绑定变量后的实际SQL语句的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！