Updating SQL table problems with python

Paul Boddie paul at boddie.net
Fri Jun 6 10:36:56 EDT 2003


kuntzagk at sulawesi.bioinf.mdc-berlin.de wrote in message news:<bbn8ik$bdu9q$1 at fu-berlin.de>...
> 

[Some SQL with '%s' in the middle of it, used in conjunction with
string substitution.]

> Did you get a python syntax error or a SQL syntax error?
> If the latter, check if your title contains a quote character.
> Got bitten by this myself.

Please:

  * Do as Andy Todd suggested and use statement parameters.
  * Do not mess around with quoting your values and dropping them
    directly into SQL statements.

Otherwise:

  * Your application may fail when it gets characters you didn't
    think about and which your database system's SQL parser reacts
    badly to.
  * You may be exposing security-related defects because of quoting
    issues you hadn't considered.

I recommend taking a couple of minutes looking at the DB-API and
reading about "paramstyle" and cursor objects. This will save you a
lot of time and needlessly wasted effort later on.

  http://www.python.org/peps/pep-0249.html

Paul
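As an added example (not part of the original post or of anything kuntzagk or Andy Todd wrote), here are the two approaches side by side using Python's standard sqlite3 module, whose DB-API `paramstyle` is `qmark`; the table and the book titles are constructed for the demonstration:

```python
import sqlite3

# Constructed sample rows for this example only.
SAMPLE_ROWS = [
    (1, "Dive Into Python"),
    (2, "Programming Python"),
]


def make_db():
    """In-memory (id, title) table built from the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE books (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO books VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def update_title_by_substitution(conn, book_id, title):
    """The pattern the thread warns against: the value is pasted into the SQL
    text with '%s'. A quote character inside the title ends the string
    literal early, so the statement no longer parses (or no longer means what
    the author intended). Returns False when the database rejects it."""
    sql = "UPDATE books SET title = '%s' WHERE id = %d" % (title, book_id)
    try:
        conn.execute(sql)
        conn.commit()
        return True
    except sqlite3.Error:
        return False


def update_title_with_parameters(conn, book_id, title):
    """The DB-API (PEP 249) way: the statement text is fixed and the values
    travel separately, so quoting is the driver's job, not the caller's.
    sqlite3 uses paramstyle 'qmark' ('?'); other drivers use e.g. 'format'
    ('%s') or 'named' (':name'), so check the module's paramstyle attribute."""
    conn.execute("UPDATE books SET title = ? WHERE id = ?", (title, book_id))
    conn.commit()
    return True


def get_title(conn, book_id):
    row = conn.execute("SELECT title FROM books WHERE id = ?", (book_id,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = make_db()
    awkward = "O'Reilly's Python Cookbook"  # constructed title with quotes
    print("paramstyle:", sqlite3.paramstyle)
    print("substitution ok:", update_title_by_substitution(conn, 1, awkward))
    print("parameters ok:  ", update_title_with_parameters(conn, 1, awkward))
    print("stored title:   ", get_title(conn, 1))
```

Run as a script, the substitution version reports False for the quoted title while the parameterised version stores it intact.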



