Retrieving possible list for use in a subsequent INSERT

Lele Gaifax lele at metapensiero.it
Sat Nov 2 07:32:27 EDT 2013


Nick the Gr33k <nikos.gr33k at gmail.com> writes:

> sql = '''INSERT INTO visitors (counterID, refs, host, city, useros,
> browser, visits, downloads) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)'''
> % (cID, refs, host, city, useros, browser, visits, downloads)

It was suggested *several* times but I'll reiterate: do not use Python
interpolation to pass parameters to your SQL statements, or sooner or
later you will hit this kind of problem.

To be clear:

    >>> myid = "theid"
    >>> myvalue = "Italy, Europe"
    >>> mysql = "INSERT INTO sometable (theid, thevalue) VALUES (%s, %s)" % (myid, myvalue)
    >>> print(mysql)
    INSERT INTO sometable (theid, thevalue) VALUES (theid, Italy, Europe)

ciao, lele.
--
nickname: Lele Gaifax | When I live off what I thought yesterday,
real: Emanuele Gaifas | I will start to fear those who copy me.
lele at metapensiero.it  |                 -- Fortunato Depero, 1929.
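
An added example, not part of the original message: it runs the interpolated statement from the thread next to a parameterized one. It assumes the standard-library sqlite3 module and a constructed `sometable`, so it uses `?` placeholders; MySQL drivers take `%s` placeholders through the same two-argument `execute(sql, params)` call.

```python
import sqlite3

PARAM_SQL = "INSERT INTO sometable (theid, thevalue) VALUES (?, ?)"

def build_interpolated(theid, thevalue):
    # Pattern from the thread: the values are pasted into the SQL text,
    # so the database parses them as part of the statement.
    return "INSERT INTO sometable (theid, thevalue) VALUES (%s, %s)" % (theid, thevalue)

def new_db():
    # Constructed in-memory table, used only for this demonstration.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sometable (theid INTEGER, thevalue TEXT)")
    return conn

def fetch(conn):
    return conn.execute("SELECT theid, thevalue FROM sometable ORDER BY theid").fetchall()

def demo():
    # Constructed sample values: a comma, a quote, and a SQL keyword.
    samples = [(1, "Italy, Europe"), (2, "O'Brien"), (3, "NULL")]
    bad, good = new_db(), new_db()
    errors = {}
    for theid, value in samples:
        try:
            bad.execute(build_interpolated(theid, value))
        except sqlite3.Error as exc:
            # The value changed the shape of the statement and it no longer parses.
            errors[theid] = type(exc).__name__
        # Values are passed separately from the SQL text and bound by the driver.
        good.execute(PARAM_SQL, (theid, value))
    return errors, fetch(bad), fetch(good)

if __name__ == "__main__":
    errors, bad_rows, good_rows = demo()
    print("interpolated errors:", errors)
    print("interpolated rows:  ", bad_rows)
    print("parameterized rows: ", good_rows)
```

The third sample is the quiet failure: interpolated, the text `NULL` is stored as a SQL NULL instead of raising an error.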



