DB-API execute params, am I missing something?
Lawrence D'Oliveiro
ldo at geek-central.gen.new_zealand
Wed May 27 21:12:57 EDT 2009
In message <784h2cF1kem0kU1 at mid.uni-berlin.de>, Diez B. Roggisch wrote:
> Lawrence D'Oliveiro wrote:
>
>> In message <mailman.766.1243354300.8015.python-list at python.org>, Dennis
>> Lee Bieber wrote:
>>
>>> Notice that db.literal() call? That's part of the mechanism used to
>>> escape and quote parameters -- it only returns strings that are safe for
>>> insertion into the SQL statement.
>>
>> Does it deal with "like"-wildcards?
>
> Why shouldn't it?
>
> cursor.execute("select * from table where column like %s", "%name%")

What if the string you're searching for includes a "%" or "_" character?
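
The question above, worked through as an added example that is not part of the original post or of any DB-API driver: parameter binding keeps the value out of the SQL text, but `%` and `_` inside a bound LIKE pattern are still wildcards unless they are escaped. It assumes the standard-library `sqlite3` module (placeholder `?`) as a stand-in for the driver discussed in the thread; `escape_like`, `search`, `demo_db` and the `items` table are hypothetical names.

```python
import sqlite3

def escape_like(term, esc="\\"):
    """Escape LIKE metacharacters so `term` matches only as literal text."""
    # Escape the escape character first, then the two wildcards.
    for ch in (esc, "%", "_"):
        term = term.replace(ch, esc + ch)
    return term

def search(conn, term, escape=True):
    """Return names containing `term`; with escape=False wildcards stay live."""
    if escape:
        term = escape_like(term)
    pattern = "%" + term + "%"
    # The pattern is still bound as a parameter; ESCAPE tells the engine which
    # character marks a literal % or _ inside it.
    rows = conn.execute(
        "SELECT name FROM items WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (pattern,),
    )
    return [r[0] for r in rows]

def demo_db():
    """Constructed sample data (hypothetical table and values)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (name TEXT)")
    conn.executemany(
        "INSERT INTO items VALUES (?)",
        [("100% wool",), ("100 percent cotton",), ("file_name",),
         ("filename",), ("fileXname",)],
    )
    return conn

if __name__ == "__main__":
    conn = demo_db()
    for term in ("100%", "file_name", "%"):
        print(repr(term), "unescaped:", search(conn, term, escape=False))
        print(repr(term), "escaped:  ", search(conn, term))
```
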