MySQLdb select
Harald Massa
cpl.19.ghum at spamgourmet.com
Sun Aug 1 17:41:04 EDT 2004
Ruben,
it is considered bad style wihtin c.l.p. to have aggressive emotions
apart from mails about a "ternary operator"
The correct way would have been:
> > cursor.execute("SELECT * FROM mytest where clientID = %d" % numb)
>>
>> That's particularly BAD STYLE. It's best to keep to letting the
>> DB-API do the proper quoting for all parameters.
"Gerhard, why is this BAD STYLE? And how can I make the DB-API do the
proper quoting for all parameters?"
And probably the answer would have been:
with doing
"SELECT * FROM mytest where clientID = %d" % numb
you are using the standard Python String-Formatting Functions. That may
or may not lead to success.
Especially when using a mixture of strings and numbers, they have to be
quoted differently.
Also special characters within strings have to be quoted - for example,
the single ' has to be quoted within SQL because it is usually used as
string delimiter
cursor.execute("SELECT * FROM mytest where clientID = %d" , numb)
The "," is the magic -
with "Bla " % sth you are passing ONE argument --- the %s gets
substituted, and one argument gets passed to the function.
With "," two arguments get passed to the execute-"function" so that the
DB-API has the challenge to integrate the parameters into the SQL-String.
And it is more bad style to write
"SELECT * FROM mytest where clientID = %d" % numb
because % is defined with using a Tuple as second parameter, that would
be
"clientID = %d" % (numb,)
Using % with sth. else than a tuple may succeed or give you very funny
errors if numb happens to be a List in a later run.
Best wishes,
Harald
More information about the Python-list
mailing list