MySQLdb select

[Harald Massa]

Ruben,

it is considered bad style wihtin c.l.p. to have aggressive emotions 
apart from mails about a "ternary operator"

The correct way would have been:

> > cursor.execute("SELECT * FROM mytest where clientID = %d" % numb)
>>
>> That's particularly BAD STYLE. It's best to keep to letting the
>> DB-API do the proper quoting for all parameters.

"Gerhard, why is this BAD STYLE? And how can I make the DB-API do the 
proper quoting for all parameters?"


And probably the answer would have been:

with doing 

"SELECT * FROM mytest where clientID = %d" % numb 

you are using the standard Python String-Formatting Functions. That may 
or may not lead to success.

Especially when using a mixture of strings and numbers, they have to be 
quoted differently.

Also special characters within strings have to be quoted - for example, 
the single ' has to be quoted within SQL because it is usually used as 
string delimiter

cursor.execute("SELECT * FROM mytest where clientID = %d" , numb)

The "," is the magic -

with "Bla " % sth you are passing ONE argument --- the %s gets 
substituted, and one argument gets passed to the function.

With "," two arguments get passed to the execute-"function" so that the 
DB-API has the challenge to integrate the parameters into the SQL-String.

And it is more bad style to write

"SELECT * FROM mytest where clientID = %d" % numb 

because % is defined with using a Tuple as second parameter, that would 
be
"clientID = %d" % (numb,)

Using % with sth. else than a tuple may succeed or give you very funny 
errors if numb happens to be a List in a later run.

Best wishes,

Harald