If so, how can I do this?
views:
122answers:
2When executing a prepared statement, no new SQL is generated. The idea of prepared statements is that the SQL query and its data are transmitted separately (that's why you don't have to escape any arguments) - the query is most likely only stored in an optimized form after preparing it.
Hi Ben,
when you create a prepared statement, the "template" SQL code is sent to the DBMS already, which compiles it into an expression tree. When you pass the values, the corresponding library (python sqlite3 module in your case) doesn't merge the values into the statement. The DBMS does.
If you still want to produce a normal SQL string, you can use string replace functions to replace the placeholders by the values (after escaping them).
What do you need this for?