QuoteSQL

Duncan Booth duncan.booth at invalid.invalid
Mon Sep 25 05:32:07 EDT 2006


Sybren Stuvel <sybrenUSE at YOURthirdtower.com.imagination> wrote:

> Ok, should have tested it better. This works fine on my machine,
> though:
> 
> curs.execute(
>     "select * from details where person_name like ?",
>     ('%' + name + '%', )
> )
> 
> Including all sorts of quotes, newlines, backslashes etc. in the name.
> 
I think his point was that any '%' characters inside name act like 
wildcards whereas his version looked for literal percents.

This could be an argument for having a utility function to escape the 
wildcards for this sort of situation, but certainly not an argument for his 
proposed QuoteSQL.
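The following is an added example, not part of the original post or thread: one way to write such a wildcard-escaping utility while keeping the parameterized query quoted above. It assumes SQLite through Python's `sqlite3` module (which uses the same `?` placeholders); the names `escape_like`, `find_people`, `find_people_unescaped` and `make_sample_db`, and the sample rows, are constructed for illustration.

```python
import sqlite3

ESC = "\\"  # escape character named in the SQL ESCAPE clause (assumed choice)

def escape_like(term, escape=ESC):
    """Make term match literally inside a LIKE pattern."""
    # Double the escape character first, or the escapes added for
    # '%' and '_' would themselves get escaped on the next pass.
    return (term.replace(escape, escape + escape)
                .replace("%", escape + "%")
                .replace("_", escape + "_"))

def find_people(conn, name):
    """Substring search where every character of name is literal."""
    pattern = "%" + escape_like(name) + "%"
    # The value is still bound as a parameter: escaping handles LIKE
    # wildcards only, quoting is left to the driver.
    cur = conn.execute(
        "select person_name from details "
        "where person_name like ? escape '\\'",
        (pattern,),
    )
    return [row[0] for row in cur.fetchall()]

def find_people_unescaped(conn, name):
    """The query from the quoted message: '%' and '_' in name are wildcards."""
    cur = conn.execute(
        "select person_name from details where person_name like ?",
        ("%" + name + "%",),
    )
    return [row[0] for row in cur.fetchall()]

def make_sample_db():
    """Constructed sample data for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table details (person_name text)")
    conn.executemany(
        "insert into details values (?)",
        [("Alice 100% Smith",), ("Bob_Jones",), ("BobXJones",),
         ("Carol O'Brien",), ("Dave\\Backslash",)],
    )
    return conn

if __name__ == "__main__":
    db = make_sample_db()
    print(find_people_unescaped(db, "%"))  # every row
    print(find_people(db, "%"))            # only the row with a literal '%'
```
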


