problem with quoted strings while inserting into varchar field of database.

Stefan Sonnenberg-Carstens stefan.sonnenberg at pythonmeister.com
Mon May 7 04:46:09 EDT 2007


On Mo, 7.05.2007, 10:30, Daniele Varrazzo wrote:
> On 7 Mag, 08:55, "krishnakant Mane" <researchb... at gmail.com> wrote:
>> On 6 May 2007 11:22:52 -0700, Daniele Varrazzo
>> <daniele.varra... at gmail.com>
>> > Every serious database driver has a complete and solid SQL escaping
>> > mechanism. This mechanism typically involves putting placeholders in
>> > your SQL strings and passing Python data in a separate tuple or
>> > dictionary. Kinda
>> >
>> >     cur.execute("INSERT INTO datatable (data) VALUES (%s);",
>> >                 (pickled_data,))
>>
>> I will try doing that once I get back to the lab.
>> Meanwhile, I forgot to mention in my previous email that I use MySQLdb
>> for python-mysql connection.
>
> OK: MySQLdb implements the escaping mechanism I described. You can
> find the documentation if you look for it harder.
>
>> I did not find any such reference to storing pickled objects in the API.
>
> Storing a pickled object is not different from storing anything else
> into a BLOB. You would have faced the same problem if you had to write
> "O'Reilly" in a VARCHAR field.
>
> -- Daniele
>
Why not use qmark parameter passing (PEP 249)?

cur.execute("INSERT INTO datatable (data) VALUES (?);", (pickled_data,))

Then the DB driver will take care of it for you.
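
Added example, not part of the original thread: PEP 249 lets each driver declare its placeholder syntax in the module attribute paramstyle (sqlite3 declares "qmark", MySQLdb declares "format", i.e. %s), so the sketch below picks the placeholder from that attribute and then binds "O'Reilly" and a pickled object as parameters. The table and column names come from the thread; sqlite3 stands in for the MySQL server so it runs offline, and PLACEHOLDERS, insert_sql, new_table, naive_fails and roundtrip are names made up for this example.

```python
import pickle
import sqlite3
from types import SimpleNamespace

# Single positional placeholder for the positional PEP 249 paramstyles.
PLACEHOLDERS = {"qmark": "?", "format": "%s", "numeric": ":1"}


def insert_sql(driver):
    """Build the INSERT with the placeholder the driver module declares."""
    return "INSERT INTO datatable (data) VALUES (%s)" % PLACEHOLDERS[driver.paramstyle]


def new_table():
    """In-memory database with the thread's table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE datatable (data)")
    return conn


def naive_fails(value):
    """Paste the value into the SQL text, as in the failing approach."""
    conn = new_table()
    try:
        conn.execute("INSERT INTO datatable (data) VALUES ('%s')" % value)
        return False
    except sqlite3.OperationalError:  # the quote ends the literal early
        return True
    finally:
        conn.close()


def roundtrip(values):
    """Insert each value as a bound parameter and read the rows back."""
    conn = new_table()
    sql = insert_sql(sqlite3)
    for value in values:
        conn.execute(sql, (value,))  # data travels separately from the SQL text
    rows = [r[0] for r in conn.execute("SELECT data FROM datatable ORDER BY rowid")]
    conn.close()
    return rows


if __name__ == "__main__":
    blob = pickle.dumps({"author": "O'Reilly"})  # constructed sample data
    print(sqlite3.paramstyle, insert_sql(sqlite3))
    print(insert_sql(SimpleNamespace(paramstyle="format")))  # stand-in for MySQLdb
    print(naive_fails("O'Reilly"), roundtrip(["O'Reilly", blob]) == ["O'Reilly", blob])
```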


