python 2.7.12 on Linux behaving differently than on Windows
Chris Angelico
rosuav at gmail.com
Sun Dec 4 18:26:55 EST 2016
On Mon, Dec 5, 2016 at 9:52 AM, Steve D'Aprano
<steve+python at pearwood.info> wrote:
> I'm not sure how to interpret this error, so I'm guessing. Please correct me
> if I'm wrong, but doesn't this mean that your column is called:
>
> single quote R single quote
>
> that is, literally 'R', which means that if you were using it in Python
> code, you would have to write the column name as this?
>
> "'R'"
>
AIUI this is meant to be a string literal, which in SQL is surrounded
by single quotes. This also means that anyone who's using this script
needs to be comfortable with writing raw SQL; plus, there's no
protection against SQL injection, so anyone using the script has to
have full database permission. The best solution might well be to
change the protocol somewhat: instead of taking raw SQL on the command
line, take "column=value", parse that in Python, and provide the value
as a string (or maybe as "int if all digits else string").
ChrisA
More information about the Python-list
mailing list