python equivalent of php implode
Dave Cook
davecook at nowhere.net
Thu Apr 28 01:20:03 EDT 2005
On 2005-04-27, Dennis Lee Bieber <wlfraed at ix.netcom.com> wrote:
> On Wed, 27 Apr 2005 08:44:36 +0200, Ola Natvig <ola.natvig at infosense.no>
> declaimed the following in comp.lang.python:
>> sql = "INSERT INTO %s (%s) VALUES (%s)" % (table, ','.params.keys()),
>> ','.join(param.values()))
> That also violates the DB-API recommendations that the
> .execute() method should be used to do parameter substitution -- to
> ensure proper quoting of odd data...
I would think this would be OK:
keys = params.keys()
columnList = ", ".join(keys)
valueList = ["%%(%s)s" % key for keys]
sql = "INSERT INTO %s (%s) VALUES (%s)" % (table, columnList, valueList)
cursor.execute(sql, params)
Though you would probably want to go further and filter out keys that don't
belong in the table, something like:
keys = [key for key in tableColumns if key in params]
Dave Cook
More information about the Python-list
mailing list