This isn't a question about the matieral, just a note: I'm not sure if Q4 is a trick question, since we are supposed to treat PyMySQL as though it does real prepared queries (but in reality, it doesn't).

Why do dictionary cursors take noticeably more memory than tuple cursors when working with large datasets, and is there a rule of thumb for when to prefer one over the other? / I am still confused about the section on tuples versus dictionaries could you explain more? Thank you

Can you explain what 'sys.argv' means in the complete example of a prepared query?

I think I'm still confused on what SQL injection is, could you go over it again in class?

I think I'm a little confused about prepared queries and the use of %s.

In PyMySQL prepared queries, why do we use %s as the placeholder instead of Python's .format() or f-strings?

can you go over what each line in the correct prepared query means?

Also I dont quite understand how the placeholders being set later escapes the problem of SQL injection. Like for the example in the reading: curs.execute(sql, [year, month, date]) - couldnt year, month, and date have the injected untrustworthy information here too? Or i guess my question is where is this year month date sourced from? I guess I would love more clarity regarding how -> sql = tmpl.format(name) is bad when this is also filling in the placeholder of {}.

Why must PyMySQL fake the prepared queries, why doesnt it do the argument passing described in the footnote?

None! / none. All is clear! / Everything makes sense so far!