escape single and double quotes
Michael Pelz Sherman
mpelzsherman at yahoo.com
Wed Oct 24 10:37:56 EDT 2007
Thanks Gabriel. You are correct - this is even documented in the MySQLdb User's Guide (http://mysql-python.sourceforge.net/MySQLdb.html), but it's certainly not intuitive, given how python string interpolation normally works.
Gabriel Genellina <gagsl-py2 at yahoo.com.ar> wrote: En Tue, 23 Oct 2007 20:50:55 -0300, Michael Pelz Sherman
escribió:
> Leif B. Kristensen wrote:
>
>>>> SQL = 'INSERT into TEMP data = %s'
>>>> c.execute(SQL, """ text containing ' and ` and all other stuff we
>>> . might
>>> . read from the network""")
>>
>>> Sure, but does this work if you need more than one placeholder?
>
>> Yes it works with more than one placeholder.
>
> Yes, BUT: I have found that all of the placeholders must be STRINGS!
>
> If I try to use other data types (%d, %f, etc.), I get an error:
>
> File "/usr/lib/python2.5/site-packages/MySQLdb/cursors.py", line 149, in
> execute
> query = query % db.literal(args)
> TypeError: float argument required
>
> It's not a huge problem to convert my non-string args, but it
> seems like this should be fixed if it's a bug, no?
No. The *MARK* is always %s - but the data may be any type (suitable for
the database column, of course).
The only purpose of %s is to say "insert parameter here". Other adapters
use a question mark ? as a parameter placeholder, a lot less confusing, as
it does not look like string interpolation.
--
Gabriel Genellina
--
http://mail.python.org/mailman/listinfo/python-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20071024/95000c3c/attachment.html>
More information about the Python-list
mailing list