homepage

Sorry if this isn't the place for this, it is my first python bug report.
In PEP 249 Python database API specifiction 2.0 the Cursor execute method[1] is described as taking a variable number of arguments for substitution of '?' in the SQL string. In the documentation of the sqlite3 module the Cursor execute method is also described this way[2].
However, the actual method requires a sequence, in the same way that the executemany method does. This does not match the execute method in (for instance) pyodbc and means one cannot write code that is (fully) agnostic to the connection type.
[1]: http://www.python.org/dev/peps/pep-0249/#id15
[2]: http://docs.python.org/2/library/sqlite3.html#sqlite3.Cursor.execute
Pasted below is an example of this from python 3.3
In [1]: import sqlite3
In [2]: con = sqlite3.connect(":memory:")
In [4]: con.execute('create table foo (bar int, baz int)')
Out[4]: <sqlite3.Cursor at 0x7fe622286730>
In [5]: con.execute('insert into foo values (?, ?)', 4, 5)
---------------------------------------------------------------------------
TypeError Traceback (most recent call last)
<ipython-input-5-a0ea5e3e7a03> in <module>()
----> 1 con.execute('insert into foo values (?, ?)', 4, 5)
TypeError: function takes at most 2 arguments (3 given)
In [6]: con.execute('insert into foo values (?, ?)', (4, 5))
Out[6]: <sqlite3.Cursor at 0x7fe622201880>
In [7]:

@Andrew your words describe the Cursor execute method but your examples show the Connection execute method, can you clarify please.

I think the name "parameters" causes a confusion here. It basically means
 def execute(sql, parameters):
not 
 def execute(sql, *parameters):
So ``con.execute('insert into foo values (?, ?)', (4, 5))`` is the correct usage of the API.
Also, this looks like a duplicate of issue 20364.