escape single and double quotes
Michael Pelz Sherman
mpelzsherman at yahoo.com
Tue Oct 23 19:50:55 EDT 2007
Leif B. Kristensen wrote:
>>> You don't need to escape text when using the Python DB-API.
>>> DB-API will do everything for you.
>>> For example:
>>> SQL = 'INSERT into TEMP data = %s'
>>> c.execute(SQL, """ text containing ' and ` and all other stuff we
>>. might
>>. read from the network""")
>>.
>>> You see, the SQL string contains a %s placeholder, but insetad of
>>> executing the simple string expansion SQL % """....""", I call the
>>> execute method with the text as a second *parametar*. Everything else
>>> is magic :).
>
>> Sure, but does this work if you need more than one placeholder?
> Yes it works with more than one placeholder.
Yes, BUT: I have found that all of the placeholders must be STRINGS!
If I try to use other data types (%d, %f, etc.), I get an error:
File "/usr/lib/python2.5/site-packages/MySQLdb/cursors.py", line 149, in execute
query = query % db.literal(args)
TypeError: float argument required
It's not a huge problem to convert my non-string args, but it
seems like this should be fixed if it's a bug, no?
- Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20071023/a11b8e43/attachment.html>
More information about the Python-list
mailing list