cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sylvain Lebresne <>
Subject Re: When will CQL BATCH support binding variable (Query substitution use named parameters)?
Date Thu, 21 Jun 2012 06:56:02 GMT
On Thu, Jun 21, 2012 at 12:06 AM, Data Craftsman
<> wrote:
> Hello,
> CQL BATCH is good for INSERT/UPDATE performance.
> But it cannot do binding variable, exposed to SQL injection.
> Is there a plan to make CQL BATCH to support binding variable in near future?
> e.g.
> Query substitution
> Use named parameters and a dictionary of names and values.
>>> cursor.execute("SELECT column FROM CF WHERE name=:name", dict(name="Foo"))

That may be a problem with the python driver (cassandra-dbapi2) and
you'd want to open an issue there.

But note that the "query substitution" of the python driver is *not*
related to CQL prepared statements (that use question marks for bound
variables). Those support BATCH all right.


View raw message