Return-Path: X-Original-To: apmail-cassandra-user-archive@www.apache.org Delivered-To: apmail-cassandra-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8E5E09232 for ; Thu, 21 Jun 2012 06:56:33 +0000 (UTC) Received: (qmail 72398 invoked by uid 500); 21 Jun 2012 06:56:31 -0000 Delivered-To: apmail-cassandra-user-archive@cassandra.apache.org Received: (qmail 72367 invoked by uid 500); 21 Jun 2012 06:56:31 -0000 Mailing-List: contact user-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@cassandra.apache.org Delivered-To: mailing list user@cassandra.apache.org Received: (qmail 72339 invoked by uid 99); 21 Jun 2012 06:56:30 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Jun 2012 06:56:30 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=FSL_RCVD_USER,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of sylvain@datastax.com designates 209.85.161.172 as permitted sender) Received: from [209.85.161.172] (HELO mail-gg0-f172.google.com) (209.85.161.172) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Jun 2012 06:56:23 +0000 Received: by ggnc4 with SMTP id c4so208628ggn.31 for ; Wed, 20 Jun 2012 23:56:02 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:x-gm-message-state; bh=b6jNBuwYqpR8E/uO7f+cjlceuxhLcGwZJXKlGbIaGXI=; b=dHA6e/uxoGSqrEJSdk/I76t1KmDJxHOyQi3251cqSB4rvrYMA2zJn2pvCKYVO/pRIR fqAKv+vBCoDtqHGHXFVBWBkYf/uBxltjp14y3dbzSqHDkNF+GoZ6YEZDk1YOxhc/kEL6 7NakyyaccS9C1W0aPGFY9yZ1/UvDhfgxCNWr7SjX5P/JmWypH++qDpw334mt+vq5oA/K 3iNcZhIhB6TFXL+afqQNRGAHQEc0HCfnWHsVjpHSrScaVV1g6OiwNfJhbT7MwtttYGSW oGfOHM4qGFp5OCGlV6cq2GX3ibsxeKhj9E0/c84+b2CJYtt/DxDmPNm6EsZzYG/NsbLI 5MRQ== MIME-Version: 1.0 Received: by 10.60.25.100 with SMTP id b4mr26354936oeg.64.1340261762601; Wed, 20 Jun 2012 23:56:02 -0700 (PDT) Received: by 10.182.17.136 with HTTP; Wed, 20 Jun 2012 23:56:02 -0700 (PDT) In-Reply-To: References: Date: Thu, 21 Jun 2012 08:56:02 +0200 Message-ID: Subject: Re: When will CQL BATCH support binding variable (Query substitution use named parameters)? From: Sylvain Lebresne To: user@cassandra.apache.org Content-Type: text/plain; charset=ISO-8859-1 X-Gm-Message-State: ALoCoQliogqFsLh+eIr10XhRQVgV5uscv8luGARIzf3I+QK40YU8dBeRlChuHvM2ut5DbOYubNza X-Virus-Checked: Checked by ClamAV on apache.org On Thu, Jun 21, 2012 at 12:06 AM, Data Craftsman wrote: > Hello, > > CQL BATCH is good for INSERT/UPDATE performance. > > But it cannot do binding variable, exposed to SQL injection. > > Is there a plan to make CQL BATCH to support binding variable in near future? > > e.g. > http://code.google.com/a/apache-extras.org/p/cassandra-dbapi2/ > > Query substitution > Use named parameters and a dictionary of names and values. > >>> cursor.execute("SELECT column FROM CF WHERE name=:name", dict(name="Foo")) That may be a problem with the python driver (cassandra-dbapi2) and you'd want to open an issue there. But note that the "query substitution" of the python driver is *not* related to CQL prepared statements (that use question marks for bound variables). Those support BATCH all right. -- Sylvain