MySQLdb, escaping values
Skip Montanaro
skip at pobox.com
Wed May 7 08:31:46 EDT 2003
John> c.execute('select * from image where pid=%d', (1234,))
John> c.execute('select * from image where pid=%d', 1234)
I believe you are just supposed to always use %s. MySQLdb (or _mysql
beneath it) takes care of the type info.
John> but this call works as expected:
John> c.execute('select * from image where pid=%d' % 1234)
Well, yeah, but Python's doing the stringifying. This wouldn't work as
expected though:
c.execute('select * from image where descrip=%s' % '''"Strange, isn't it?"''')
John> So I often use a hybrid of python and mysql string format capabilities
John> as a workaround.
Shouldn't be necessary in my experience.
Skip
More information about the Python-list
mailing list