baffling sql string
skip at pobox.com
Wed Sep 27 08:39:21 EDT 2006
DarkBlue> Following is a code snippet from a pythoncard app
DarkBlue> the problem is with the sql string called iq1
DarkBlue> If either mysubject or mytalktext contains an
DarkBlue> apostrophe the update fails :
DarkBlue> Example: mysubject="Let's Eat" this fails
DarkBlue> mysubject="Lets Eat" this works fine
DarkBlue> What options do I have to avoid this issue but still can use
DarkBlue> apostrophes in my input data ?
You don't mention what database adapter you're communicating with, but they
all have argument quoting facilities. You should be using them instead of
doing the string interpolation yourself.
For example, if I was using MySQL, my code might look something like this:
    self.cur.execute("update MSGTALK"
                     " set msgdate='NOW', subject=%s, talktext=%s"
                     " where msgno=%s",
                     (self.components.TextField1.text,
                      self.components.TextArea1.text,
                      self.myamsgno))
Skip
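
The failure described in the question and the fix suggested in the reply, side by side, as an added example that is not part of the original post. It assumes the standard-library sqlite3 module in place of the unnamed adapter (its placeholder is ? rather than MySQL's %s) and a constructed MSGTALK table whose column types are guesses.

```python
import sqlite3

# Constructed schema: column names come from the post, the types are assumed.
SCHEMA = ("create table MSGTALK (msgno integer primary key,"
          " msgdate text, subject text, talktext text)")


def make_db():
    """Fresh in-memory database holding one message row (msgno=1)."""
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    con.execute("insert into MSGTALK (msgno, subject, talktext) values (1, '', '')")
    return con


def update_interpolated(con, subject, talktext, msgno):
    """The failing pattern: values pasted into the SQL text by hand."""
    iq1 = ("update MSGTALK set subject='%s', talktext='%s' where msgno=%d"
           % (subject, talktext, msgno))
    con.execute(iq1)


def update_parameterized(con, subject, talktext, msgno):
    """Values are passed separately and the adapter does the quoting.
    sqlite3.paramstyle is 'qmark', so the placeholder is ? here."""
    con.execute("update MSGTALK set subject=?, talktext=? where msgno=?",
                (subject, talktext, msgno))


def try_update(fn, subject, talktext):
    """Run one update; return the stored row, or the error class name."""
    con = make_db()
    try:
        fn(con, subject, talktext, 1)
    except sqlite3.Error as exc:
        return "error: %s" % exc.__class__.__name__
    return con.execute(
        "select subject, talktext from MSGTALK where msgno=1").fetchone()


if __name__ == "__main__":
    for fn in (update_interpolated, update_parameterized):
        for subject in ("Lets Eat", "Let's Eat"):
            print(fn.__name__, repr(subject), "->",
                  try_update(fn, subject, "at noon"))
```

Each adapter documents its placeholder style in its module-level paramstyle attribute, so the query text changes between adapters while the pattern of passing values as a separate tuple stays the same.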