problem with quoted strings while inserting into varchar field of database.
Daniele Varrazzo
daniele.varrazzo at gmail.com
Mon May 7 10:26:55 EDT 2007
> >> >> > cur.execute("INSERT INTO datatable (data) VALUES (%s);",
> >> >> > (pickled_data,))
> %s is not a placeholder IMHO.
> What happens when using %s is, that the string given will be inserted where
> %s is; that is something python does as with every print or such.
It is indeed. The behavior you describe would be true if i had used
the "%" operator. Read better what i have written: There is no "%"
operator.
cur.execute() receives 2 parameters: a SQL string with placeholders
and a tuple with values: it's not me mangling values into the SQL
string. This is the driver responsibility and it has the chance
because it receives SQL and values as two distinct parameters. The
driver can ask the SQL string to contain placeholders either in qmark
"?" or in format "%s" style, but there is no functional difference.
Notice that the placeholder is always "%s" and not "%d" or "%f" for
integers or float: there is always an escaping phase converting each
python object into a properly encoded string and then the placeholders
are replaced with the value. This happens into the execute()
machinery.
> By using the qmark style, it is up the the implementation of the
> cursor.execute method to decide what to do. python itself, and it's string
> implementation, don't know anything to do with the qmark.
> So, IMHO it *makes* a difference:
> with %s the execute function sees a string and nothing more as the
> parameters are consumed away by the % substitution.
> with ?, the execute implementation must do it's best, it gets a string and
> a list/tuple with values.
Again, this would be true for "cur.execute(sql % data)": what i wrote
is "cur.execute(sql, data)".
-- Daniele
More information about the Python-list
mailing list