pysqlite - simple problem

Fredrik Lundh fredrik at pythonware.com
Sat Sep 2 02:42:26 EDT 2006


rdrink wrote:


> And yes I should probably move to pysqlite2, but for now I was able to
> fix it this way...
> num = 200
> mess = "INSERT INTO foo (id) VALUES (%s)" % num
> cur.execute(mess)
> 
> ... don't know why I didn't think of that last (oh wait, Yes I do...
> because 'last night' was actually 2am this morning, after working all
> day!)

the "pyformat" parameter style means that you're supposed to use "%s" 
instead of "?" for the placeholders:

     cur.execute("INSERT INTO foo (id) VALUES (%s)", (num,))

while string formatting works, and is safe for simple cases like this, 
it can quickly turn into a performance and security problem.  Better to 
avoid it for anything other than command-line tinkering and throw-away 
scripts.

(I'm sure this is mentioned in the fine manual, btw ;-)

</F>
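The difference between the two approaches, as an added example that is not part of Fredrik's reply or the original thread. It uses the standard-library `sqlite3` module (the descendant of pysqlite2), whose parameter style is qmark (`?`) rather than the pyformat `%s` of the old pysqlite the poster was using, so the placeholder character differs but the point is the same. The `foo` table layout, the sample rows and the lookup functions are constructed for this demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original post).
SAMPLE_ROWS = [(1, "alice"), (2, "bob"), (3, "O'Reilly")]


def make_db():
    """Create an in-memory database with a small table called foo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE foo (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    # executemany with bound parameters handles the quote in O'Reilly correctly.
    conn.executemany("INSERT INTO foo (id, name) VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_formatted(conn, name):
    """Vulnerable variant: the value is spliced into the SQL text with % formatting,
    so quote characters in `name` become part of the statement's syntax."""
    sql = "SELECT id FROM foo WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    """Safe variant: the value is passed as a bound parameter (qmark style in
    sqlite3; %s in old pysqlite's pyformat style). The driver never treats the
    value as SQL, whatever characters it contains."""
    sql = "SELECT id FROM foo WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo():
    """Run both variants against an injection payload and a legitimate value
    containing a single quote, and return the outcomes keyed by case."""
    conn = make_db()
    results = {}

    # Classic tautology payload: closes the string literal and appends OR '1'='1'.
    payload = "x' OR '1'='1"
    results["formatted_injection"] = lookup_formatted(conn, payload)        # every id
    results["parameterized_injection"] = lookup_parameterized(conn, payload)  # no match

    # A legitimate name with an apostrophe: the formatted query is not even valid SQL.
    results["parameterized_quote"] = lookup_parameterized(conn, "O'Reilly")  # [3]
    try:
        results["formatted_quote"] = lookup_formatted(conn, "O'Reilly")
    except sqlite3.OperationalError as exc:
        results["formatted_quote"] = "error: %s" % exc

    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print("%-25s %r" % (case, outcome))
```

The formatted lookup returns every row for the tautology payload and raises a syntax error for the perfectly ordinary name O'Reilly; the parameterized lookup returns nothing for the payload and the right row for O'Reilly. The performance point in the reply follows from the same mechanism: with bound parameters the SQL text is identical on every call, so the driver can reuse its prepared statement, whereas a freshly formatted string is a new statement every time.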



