QuoteSQL
Sybren Stuvel
sybrenUSE at YOURthirdtower.com.imagination
Mon Sep 25 05:10:21 EDT 2006
Lawrence D'Oliveiro enlightened us with:
>> Wouldn't this be a whole lot better?
>>
>> cursor.execute(
>> "select * from details where person_name like ?",
>> '%' + name + '%'
>> )
>
> No. Can you figure out why?
Ok, should have tested it better. This works fine on my machine,
though:
curs.execute(
"select * from details where person_name like ?",
('%' + name + '%', )
)
Including all sorts of quotes, newlines, backslashes etc. in the name.
Sybren
--
Sybren Stüvel
Stüvel IT - http://www.stuvel.eu/
More information about the Python-list
mailing list