| 1863 | | ``connection`` and ``cursor`` simply use the standard `Python DB-API`_. If |
|---|
| 1864 | | you're not familiar with the Python DB-API, note that the SQL statement in |
|---|
| 1865 | | ``cursor.execute()`` uses placeholders, ``"%s"``, rather than adding parameters |
|---|
| 1866 | | directly within the SQL. If you use this technique, the underlying database |
|---|
| 1867 | | library will automatically add quotes and escaping to your parameter(s) as |
|---|
| 1868 | | necessary. (Also note that Django expects the ``"%s"`` placeholder, *not* the |
|---|
| 1869 | | ``"?"`` placeholder, which is used by the SQLite Python bindings. This is for |
|---|
| 1870 | | the sake of consistency and sanity.) |
|---|
| | 1863 | ``connection`` and ``cursor`` mostly implement the standard `Python DB-API`_ |
|---|
| | 1864 | (except when it comes to `transaction handling`_). If you're not familiar with |
|---|
| | 1865 | the Python DB-API, note that the SQL statement in ``cursor.execute()`` uses |
|---|
| | 1866 | placeholders, ``"%s"``, rather than adding parameters directly within the SQL. |
|---|
| | 1867 | If you use this technique, the underlying database library will automatically |
|---|
| | 1868 | add quotes and escaping to your parameter(s) as necessary. (Also note that |
|---|
| | 1869 | Django expects the ``"%s"`` placeholder, *not* the ``"?"`` placeholder, which is |
|---|
| | 1870 | used by the SQLite Python bindings. This is for the sake of consistency and |
|---|
| | 1871 | sanity.) |
|---|
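
Review bot: the new `transaction handling`_ reference on new line 1864 needs a matching hyperlink target (a `.. _transaction handling:` definition) somewhere in this file. None is visible in this hunk, and docutils reports an unknown target name at build time when one is missing, so please confirm the target is added in the same change. Separately, since the paragraph is being rewrapped anyway, "will automatically add quotes and escaping to your parameter(s)" on new lines 1867-1868 could say explicitly that this applies only to values passed as parameters to ``cursor.execute()``, not to values already formatted into the SQL string, which is the contrast the preceding sentence sets up.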