%s place holder does not let me insert ' in an sql query with python.

[Krishnakant]

hello all,
thanks for all of your very quick responses.
The problem is that I am using python 2.5 so the 2.6 syntax does not
apply in my case.
secondly, My problem is very unique.
I have created a function called executeProcedure in python which calls
stored procedures in postgresql.
The fun part of this function is that it has just got 3 standard
parameters namely the name of the sp to be called, whether it returns 1
or more records as a result and the list containing the input parameters
which that sp will need for execution.
So no matter what your sp does as in insert update delete or select, no
matter there is one param or 10 all you have to do is pass one string
containing the function name, one boolean and one list of params.
The rest is taken care by this python function.
So now all hackers will understand that the query to call the stored
procedure namely cursor.execute(select * from functname ) will be built
dynamically.
So now in this situation I have to build the querystring and then pass
it to execute of the cursor.
in this case, I get a problem when there is ' in any of the values
during insert or update.
If any one wants this code, Please let me know.  You all can get a lot
of utility out of the function.
This only becomes a problem when an ' comes in the value.
So I need help to fix the problem with the given context.
happy hacking.
Krishnakant.
On Mon, 2008-12-15 at 07:21 -0600, Lamonte Harris wrote:
> sorry about that
> 
> queryString = "insert into venders
> values('{0}','{1}','{2}')".format(field1,field2,field3)
> 
> On Mon, Dec 15, 2008 at 7:21 AM, Lamonte Harris
> <pyth0nc0d3r at gmail.com> wrote:
>         I had this problem too.  If you've upgraded to python 2.6 you
>         need to use the new sytnax "format
>         
>         queryString = "insert into venders
>         values('{0}','{1}','{2}'".format(field1,field2,field3)
>         
>         
>         
>         On Mon, Dec 15, 2008 at 6:46 AM, Krishnakant
>         <hackingkk at gmail.com> wrote:
>                 hello all hackers.
>                 This is some kind of an interesting situation although
>                 many of you must
>                 have already gone through it.
>                 I am facing a situation where I have to use psycopg2
>                 and insert rows in
>                 a postgresql table.
>                 That's pritty easy and no need to say that it works
>                 well.  But there are
>                 some entries which have an ' in the value.
>                 I have a venders table in my database and one of the
>                 values tryed was
>                 "His Master's Voice "
>                 now the master's word has the ' which is used for
>                 starting and ending a
>                 varchar value for postgresql or almost any standard
>                 RDBMS.
>                 Does any one know what is the way out of this?
>                 how do you let the ' go as a part of the string?
>                 I have used %s as placeholder as in
>                 queryString = "insert into venders values ('%s,%s,%s"
>                 %
>                 (field1,field2,field3 ) ...
>                 This is not working for the ' values.
>                 can any one suggest a suitable solution?
>                 happy hacking.
>                 Krishnakant.
>                 
>                 --
>                 http://mail.python.org/mailman/listinfo/python-list
>         
>         
>