incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sylvain Lebresne <sylv...@datastax.com>
Subject Re: When will CQL BATCH support binding variable (Query substitution use named parameters)?
Date Thu, 21 Jun 2012 06:56:02 GMT
On Thu, Jun 21, 2012 at 12:06 AM, Data Craftsman
<database.craftsman@gmail.com> wrote:
> Hello,
>
> CQL BATCH is good for INSERT/UPDATE performance.
>
> But it cannot do binding variable, exposed to SQL injection.
>
> Is there a plan to make CQL BATCH to support binding variable in near future?
>
> e.g.
> http://code.google.com/a/apache-extras.org/p/cassandra-dbapi2/
>
> Query substitution
> Use named parameters and a dictionary of names and values.
>
>>> cursor.execute("SELECT column FROM CF WHERE name=:name", dict(name="Foo"))

That may be a problem with the python driver (cassandra-dbapi2) and
you'd want to open an issue there.

But note that the "query substitution" of the python driver is *not*
related to CQL prepared statements (that use question marks for bound
variables). Those support BATCH all right.

--
Sylvain

Mime
View raw message