escape string to store in a database?
Bryan Olson
fakeaddress at nowhere.org
Fri Mar 14 07:17:50 EDT 2008
andrei.avk at gmail.com wrote:
> how would this work with UPDATE
> command? I get this error:
>
> cmd = "UPDATE items SET content = ? WHERE id=%d" % id
>
> self.cursor.execute(cmd, content)
> pysqlite2.dbapi2.ProgrammingError: Incorrect number of bindings
> supplied. The current statement uses 1, and there are 0 supplied.
The error message implies that 'content' is an empty sequence.
Even when the SQL takes exactly one parameter, the second
argument is a sequence containing the parameter. You can use
a one-element list, written [someparam], or a one-tuple
(someparam,).
> Sqlite site doesn't give any details on using parameter bindings in
> UPDATE command, I'm
> going to look around some more..
To make effective use of Python's Sqlite3 module, I need three
references: the Python DB API v2 spec, the Sqlite3 module's doc,
and the Sqlite database doc.
http://www.python.org/dev/peps/pep-0249/
http://docs.python.org/lib/module-sqlite3.html
http://www.sqlite.org/docs.html
With all three, parameter binding is still under-specified, but
only a little.
Those new to the relational model and to SQL will need sources
on those as well. On the model, I think the foundational paper
has held up well over the decades:
Codd, E.F. "A Relational Model of Data for Large Shared
Data Banks". /Communications of the ACM/ Volume 13 number
6, June 1970; pages 377–387.
It is currently available on line at:
http://www.seas.upenn.edu/~zives/03f/cis550/codd.pdf
Anyone have a particularly good and easily accessible
source to recommend on SQL?
--
--Bryan
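
The binding rule discussed in this message, as an added example that is not part of the original post. It uses the standard-library sqlite3 module and a constructed in-memory `items` table; the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample table mirroring the "items" table in the question.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, content TEXT)")
    conn.execute("INSERT INTO items (id, content) VALUES (?, ?)", (1, "old"))
    return conn

def update_bare_string(conn, item_id, content):
    """The call shape from the question. A bare str is itself a sequence, so
    every character counts as one binding. Returns the error text, or None."""
    cmd = "UPDATE items SET content = ? WHERE id=%d" % item_id
    try:
        conn.execute(cmd, content)
    except sqlite3.ProgrammingError as exc:
        return str(exc)
    return None

def update_bound(conn, item_id, content):
    """Both values are bound as parameters, passed together in one tuple.
    No quoting or escaping of content is needed. Returns rows changed."""
    cur = conn.execute(
        "UPDATE items SET content = ? WHERE id = ?", (content, item_id)
    )
    conn.commit()
    return cur.rowcount

def read_content(conn, item_id):
    # Single parameter still goes in a one-tuple: (item_id,)
    row = conn.execute(
        "SELECT content FROM items WHERE id = ?", (item_id,)
    ).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    print(update_bare_string(db, 1, ""))     # empty string: 0 bindings
    print(update_bare_string(db, 1, "abc"))  # three characters: 3 bindings
    tricky = "O'Reilly said \"100%\""        # constructed value with quotes
    print(update_bound(db, 1, tricky), read_content(db, 1))
```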