"Parameterization" is done in MySQLdb by escaping strings and then blindly interpolating them into the query, instead of using the MYSQL_STMT API. As a result unicode strings have to go through two intermediate representations (encoded string, escaped encoded string) before they're received by the database.
检查MySQLdbPackage Comments:
所以答案是:不,不是
它有某种参数化,yes。
即便如此,我还是建议你换成oursql。它将a lot of advantages带到MySQLdb:
相关问题 更多 >
编程相关推荐