sqlalchemy.exc.ProgrammingError: (ProgrammingError) ('42000', "[42000] [Microsoft][ODBC SQL Server Driver][SQL Server]'f2f68'
Peter Otten
__peter__ at web.de
Fri Aug 17 07:04:39 EDT 2012
nepaul wrote:
> =======================case1==============================:
> import sqlalchemy
> test1 = "631f2f68-8731-4561-889b-88ab1ae7c95a"
> cmdTest1 = "select * from analyseresult where uid = " + test1
> engine =
>
sqlalchemy.create_engine("mssql+pyodbc://DumpResult:123456@localhost/DumpResult")
> c = engine.execute(cmdTest1)
> ======================case2===============================: import
> sqlalchemy test2 = "123"
> cmdTest2 = "select * from analyseresult where uid = " + test2
> engine =
>
sqlalchemy.create_engine("mssql+pyodbc://DumpResult:123456@localhost/DumpResult")
> c = engine.execute(cmdTest1)
>
>
> !!!!!
> case1 :wrong,(sqlalchemy.exc.ProgrammingError: (ProgrammingError)
> ('42000', "[42000] [Microsoft][ODBC SQL Server Driver][SQL Server]'f2f68')
> case2:work!
I'd guess the uuid needs to be quoted. Don't do that yourself -- your code
will become vulnerable to sql injection attacks -- use the dbapi instead:
# Again just guessing; I'm not an sqlalchemy user.
import sqlalchemy
test1 = "631f2f68-8731-4561-889b-88ab1ae7c95a"
cmdTest1 = "select * from analyseresult where uid = %s"
engine = sqlalchemy.create_engine(
"mssql+pyodbc://DumpResult:123456@localhost/DumpResult")
c = engine.execute(cmdTest1, test1)
Note that I'm not using Python's string formatting. The two arguments are
passed as is and mysql builds the resulting query.
More information about the Python-list
mailing list