[Tutor] Python CGI Script
Alan Gauld
alan.gauld at freenet.co.uk
Thu Sep 21 10:50:42 CEST 2006
> sql_statement = "INSERT INTO images (image) VALUES (%s)"
> cur.execute(sql_statement, (data_obj, ))
>
>Is it just moving the variable substitution to the execute statement
>as
> a tuple, so it will perform the proper quoting?
Nope, the syntax changes slightly, and I believe depends on the
database driver you use. For SqlLite (and I think for MySql) its a
question mark
> sql_statement = "INSERT INTO images (image) VALUES (?)"
> cur.execute(sql_statement, data_obj)
And I don;t think you need the tuple form unless you have multiple
values.
And you can do it in one line too:
cur.execute("INSERT INTO images (image) VALUES (?)", data_obj)
Alan G.
More information about the Tutor
mailing list