[DB-SIG] RE: SQL insert with integer variable

Gerhard Häring gerhard@bigfoot.de
Tue, 4 Jun 2002 09:44:34 +0200


* Ben <bfergo@ihug.com.au> [2002-06-04 17:12 +1000]:
> I'm using the htmlxmlsql2000db module.

Which is probably unknown outside a certain Australian university.  Google sez
it's sort of a xmlrpc solution to access a M$ SQL server remotely.

> query="insert into playscene (scene_id,title,scene) Values (current_scene_int, '"+current_play+"','"+current_scene+"')"
> c.execute(query)

Ugh. This is exactly what not to do with a DB-API module. Provide the
parameters for your statements in the second parameter of the execute
statement. I have no idea what paramstyle your db module uses, but if it is
pyformat or format, this should work:

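# With format/pyformat the placeholder is %s for every value, integers
# included; the driver does the quoting and type conversion.
query = "insert into playscene (scene_id, title, scene) values (%s, %s, %s)"
my_id = 5
my_title = "foo"
my_scene = "bar"
# Values travel separately from the SQL text, as execute()'s second argument.
c.execute(query, (my_id, my_title, my_scene))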

I'd suggest you read the docs of your DB-API module. They should provide
examples for proper usage of the execute statement. And also for what
paramstyle it uses.

Gerhard
-- 
mail:   gerhard <at> bigfoot <dot> de       registered Linux user #64239
web:    http://www.cs.fhm.edu/~ifw00065/    OpenPGP public key id 86AB43C0
public key fingerprint: DEC1 1D02 5743 1159 CD20  A4B6 7B22 6575 86AB 43C0
reduce(lambda x,y:x+y,map(lambda x:chr(ord(x)^42),tuple('zS^BED\nX_FOY\x0b')))
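
Added example, not part of the original message: the concatenated insert and the parameterized insert side by side on the playscene table, with the placeholder text chosen from the module's paramstyle attribute. It assumes the standard-library sqlite3 module as a stand-in for the poster's module; the helper names and the sample row are constructed for illustration.

```python
import sqlite3

# Placeholder text for each DB-API paramstyle that takes a sequence of values.
POSITIONAL = {"qmark": "?", "format": "%s", "numeric": ":{n}"}

def placeholders(paramstyle, count):
    """Return comma-separated placeholders for a positional paramstyle."""
    try:
        mark = POSITIONAL[paramstyle]
    except KeyError:
        raise ValueError("paramstyle %r needs a mapping, not a sequence" % paramstyle)
    return ", ".join(mark.format(n=i) for i in range(1, count + 1))

def insert_concatenated(cur, scene_id, title, scene):
    """The pattern from the quoted question: values pasted into the SQL text."""
    query = ("insert into playscene (scene_id, title, scene) values ("
             + str(scene_id) + ", '" + title + "', '" + scene + "')")
    cur.execute(query)

def insert_parameterized(cur, paramstyle, scene_id, title, scene):
    """The pattern from the reply: values passed as execute()'s second argument."""
    query = ("insert into playscene (scene_id, title, scene) values (%s)"
             % placeholders(paramstyle, 3))
    cur.execute(query, (scene_id, title, scene))

def demo():
    """Run both inserts on an in-memory database; return (error, stored rows)."""
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute("create table playscene (scene_id integer, title text, scene text)")
    # Constructed sample row: the apostrophe in the title is ordinary data.
    row = (5, "All's Well That Ends Well", "Act 1, Scene 1")
    try:
        insert_concatenated(cur, *row)
        concat_error = None
    except sqlite3.Error as exc:
        concat_error = exc  # the apostrophe ended the string literal early
    insert_parameterized(cur, sqlite3.paramstyle, *row)
    conn.commit()
    stored = cur.execute("select scene_id, title, scene from playscene").fetchall()
    conn.close()
    return concat_error, stored

if __name__ == "__main__":
    err, rows = demo()
    print("concatenated insert failed:", err)
    print("stored rows:", rows)
```

In the concatenated form the data becomes part of the SQL text, so a value can change what the statement means; in the parameterized form the same value is stored unchanged.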