[DB-SIG] Re: [meta-sig] select statement for python-mysql

Danny Yoo dyoo@hkn.eecs.berkeley.edu
Mon, 7 Oct 2002 08:52:37 -0700 (PDT)


>> c.execute("""select vid from verses where
>> book,chapter,number=%s,%s,%s""", (bk,chap,i))
>
> The syntax for the string substitution needs to have a '%' instead of a ','


Roslyn was right to use a comma: the execute() method of a database cursor
can take in an optional tuple, in which case we're using the safer
prepared statement syntax.  Roslyn probably does not want to use string
formatting due to some issues that SQL deals with.

In particular, we need to use prepared statement syntax in cases where
we're inserting columns with nulls, for example:

###
c.execute("insert into book (title, author, isbn) value (%s, %s, %s)",
          ("sicp", "abelson & sussmann", None))
###


Trying to do the equivalent with a string formatting operation:

###
c.execute("insert into book (title, author, isbn) value (%s, %s, %s)"
          % ("sicp", "abelson & sussmann", None) )
###

won't work.



Good luck!
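
The difference between the two calls above, as an added runnable example that is not part of the original message. It assumes the standard-library sqlite3 module in place of MySQLdb so it runs without a server, which means `?` placeholders instead of `%s`; the table schema and the second row are constructed.

```python
import sqlite3

# Constructed schema; ROW is the row from the message above.
SCHEMA = "create table book (title text, author text, isbn text)"
ROW = ("sicp", "abelson & sussmann", None)
# Constructed row whose title contains a quote character.
QUOTED_ROW = ("the hitchhiker's guide", "adams", None)


def render_formatted(row):
    """Build the statement text with Python's % operator (values unquoted)."""
    return "insert into book (title, author, isbn) values (%s, %s, %s)" % row


def insert_bound(conn, row):
    """Hand the values to the driver separately; None is stored as NULL."""
    # sqlite3 uses '?' placeholders where MySQLdb uses '%s'.
    conn.execute("insert into book (title, author, isbn) values (?, ?, ?)", row)


def demo():
    """Return (rows stored via binding, error raised by the formatted SQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    insert_bound(conn, ROW)
    insert_bound(conn, QUOTED_ROW)
    try:
        conn.execute(render_formatted(ROW))
        error = None
    except sqlite3.Error as exc:
        # The database sees bare words (sicp, None), not string values or NULL.
        error = exc
    rows = conn.execute(
        "select title, author, isbn from book order by rowid"
    ).fetchall()
    conn.close()
    return rows, error


if __name__ == "__main__":
    print(render_formatted(ROW))
    rows, error = demo()
    print(rows)
    print("formatted statement failed:", error)
```

Bound values never become part of the SQL text, so the quote in the second title and the `None` both reach the table intact, while the formatted statement is rejected before anything is stored.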