%s place holder does not let me insert ' in an sql query with python.

Krishnakant hackingkk at gmail.com
Mon Dec 15 13:00:43 EST 2008


Hi Steve.
You are right.
Thanks to all of you who helped to understand how to and *not* to pass
queries through psycopg2, which is a module based on the Python DB-API.
The following query worked.
cursor.execute("insert into vendors values(%s,%s)", lstParams)
lstParams contained all the values and yes, one had an ' in it.
Thanks again for all the help.
Happy hacking.
Krishnakant.
On Mon, 2008-12-15 at 12:35 -0500, Steve Holden wrote:
> Lamonte Harris wrote:
> > I had this problem too.  If you've upgraded to python 2.6 you need to
> > use the new syntax "format
> > 
> > queryString = "insert into venders
> > values('{0}','{1}','{2}'".format(field1,field2,field3)
> > 
> Will all readers of this thread kindly regard this as an example of how
> *not* to generate and execute SQL queries in Python. Study the
> cursor.execute() method, and provide parameterized queries and a data
> tuple instead.
> 
> Please also note that the above technique explicitly continues to
> generate SQL syntax errors in Krishnakant's case where the data values
> themselves contain apostrophes.
> 
> regards
>  Steve
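
Added example, not part of the original thread: the two approaches discussed above, run side by side on values that contain apostrophes. It assumes the standard-library sqlite3 module in place of psycopg2 so it runs without a server (sqlite3 uses `?` placeholders where psycopg2 uses `%s`); the two-column table and the sample values are constructed.

```python
import sqlite3

# Constructed sample rows; the first mirrors the thread's case of a value containing '.
SAMPLE_VENDORS = [
    ("O'Brien Supplies", "Pune"),
    ("Plain Vendor", "Mumbai"),
    ('5% "discount" shop', "it's here"),
]

def make_db():
    """In-memory database with a hypothetical two-column vendors table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table vendors (name text, city text)")
    return conn

def insert_formatted(conn, name, city):
    """The pattern the thread warns against: values pasted into the SQL text."""
    sql = "insert into vendors values('{0}','{1}')".format(name, city)
    conn.execute(sql)

def insert_parameterized(conn, name, city):
    """Placeholders in the SQL text, values passed separately to execute()."""
    # sqlite3 uses '?' placeholders; psycopg2 uses '%s' as in the thread.
    conn.execute("insert into vendors values(?,?)", (name, city))

def try_all(insert):
    """Insert every sample row with the given function.

    Returns (rows actually stored, [(name, exception class name), ...]).
    """
    conn = make_db()
    failures = []
    for name, city in SAMPLE_VENDORS:
        try:
            insert(conn, name, city)
        except sqlite3.Error as exc:
            failures.append((name, type(exc).__name__))
    stored = conn.execute(
        "select name, city from vendors order by rowid").fetchall()
    conn.close()
    return stored, failures

if __name__ == "__main__":
    for fn in (insert_formatted, insert_parameterized):
        stored, failures = try_all(fn)
        print(fn.__name__, "stored:", stored, "failed:", failures)
```

With string formatting, only the row without an apostrophe is stored and the other two raise syntax errors; with placeholders, all three rows are stored exactly as supplied.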



