problem with quoted strings while inserting into varchar field of database.
Daniele Varrazzo
daniele.varrazzo at gmail.com
Mon May 7 04:30:55 EDT 2007
On 7 Mag, 08:55, "krishnakant Mane" <researchb... at gmail.com> wrote:
> On 6 May 2007 11:22:52 -0700, Daniele Varrazzo <daniele.varra... at gmail.com> >> Every serious database driver has a complete and solid SQL escaping
> > mechanism. This mechanism tipically involves putting placeholders in
> > your SQL strings and passing python data in a separate tuple or
> > dictionary. Kinda
>
> > cur.execute("INSERT INTO datatable (data) VALUES (%s);",
> > (pickled_data,))
>
> I will try doing that once I get back to the lab.
> mean while I forgot to mention in my previous email that I use MySQLdb
> for python-mysql connection.
OK: MySQLdb implements the escaping mechanism i described. You can
find the documentation if you look for it harder.
> I did not find any such reference to storing pickled objects in the API.
Storing pickled object is not different from storing anything else
into BLOB. You would have faced the same problem if you had to write
"O'Reilly" in a VARCHAR field.
-- Daniele
More information about the Python-list
mailing list