MySQLdb, escaping values
Greg Fortune
lists at gregfortune.com
Wed May 7 14:18:56 EDT 2003
It's sometimes helpful to note that you can use named parameters if you
pass a mapping rather than a tuple. So,
c.execute('select * from image where pid=%(the_pid)s', {'the_pid':1234})
will work as well. Make sure you include the trailing s after (). If you
leave the s out, it throws a really strange error :)
Greg Fortune
Fortune Solutions
Skip Montanaro wrote:
>
> John> c.execute('select * from image where pid=%d', (1234,))
> John> c.execute('select * from image where pid=%d', 1234)
>
> I believe you are just supposed to always use %s. MySQLdb (or _mysql
> beneath it) takes care of the type info.
>
> John> but this call works as expected:
>
> John> c.execute('select * from image where pid=%d' % 1234)
>
> Well, yeah, but Python's doing the stringifying. This wouldn't work as
> expected though:
>
> c.execute('select * from image where descrip=%s' % '''"Strange, isn't it?"''')
>
> John> So I often use a hybrid of python and mysql string format
> John> capabilities as a workaround.
>
> Shouldn't be necessary in my experience.
>
> Skip
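
Added illustration, not part of the original messages and not MySQLdb's own code: a simplified model of a pyformat driver that converts each parameter to a SQL literal string and then applies Python's % operator, which shows why %s is the only usable placeholder, why %d and a missing trailing s raise, and why Python-side formatting leaves quotes unescaped. The helpers literal, render and try_render are hypothetical, and the escaping is a teaching stand-in; real code passes parameters to c.execute.

```python
# Simplified model of a pyformat DB-API driver (an assumption for
# illustration, not MySQLdb's source): every parameter is first turned
# into a SQL literal *string*, then spliced in with Python's % operator.

_ESCAPES = {"\0": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
            "'": "\\'", '"': '\\"', "\x1a": "\\Z"}


def literal(value):
    """Return value as a SQL literal string (hypothetical helper)."""
    if value is None:
        return "NULL"
    if isinstance(value, (int, float)):
        return str(value)
    return "'" + "".join(_ESCAPES.get(ch, ch) for ch in str(value)) + "'"


def render(query, params):
    """Build the statement the way the modelled driver would."""
    if isinstance(params, dict):
        return query % {k: literal(v) for k, v in params.items()}
    return query % tuple(literal(v) for v in params)


def try_render(query, params):
    """Return the rendered SQL, or the exception class name on failure."""
    try:
        return render(query, params)
    except (TypeError, ValueError) as exc:
        return type(exc).__name__


DESCRIP = '''"Strange, isn't it?"'''   # the value quoted in the thread

if __name__ == "__main__":
    # %s with a tuple or a mapping: the modelled driver quotes the value.
    print(try_render("select * from image where pid=%s", (1234,)))
    print(try_render("select * from image where pid=%(the_pid)s", {"the_pid": 1234}))
    print(try_render("select * from image where descrip=%s", (DESCRIP,)))
    # %d receives the literal *string* '1234', so formatting fails.
    print(try_render("select * from image where pid=%d", (1234,)))
    # Missing trailing s: no valid conversion type follows the ).
    print(try_render("select * from image where pid=%(the_pid)", {"the_pid": 1234}))
    # Python-side formatting: the quotes arrive unescaped in the statement.
    print("select * from image where descrip=%s" % DESCRIP)
```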