Hi Matthew, thank you very much for the response, I just saw it a few minutes ago. Thanks. :D

On Mar 30, 10:47 am, Matthew Somerville <[email protected]> wrote:
> Francisco Rivas wrote:
> > sql = sql + 'AND f.url like "%%%s%%"' % (forge)
> >
> > cursor = connection.cursor()
> > cursor.execute(sql)
> > results = cursor.fetchall()
>
> cursor.execute() expects placeholders, rather than direct parameters, so
> needs % to be escaped on input - your one level of escaping is removed
> when interpolating forge. So you /could/ change the one line above to be:
> sql = sql + 'AND f.url like "%%%%%s%%%%"' % (forge)
>
> but I would recommend instead something like:
>
> sql = sql + 'AND f.url like %s'
> cursor = connection.cursor()
> cursor.execute(sql, ['%'+forge+'%'])
>
> which then means forge will be quoted/escaped for you as necessary
> automatically.
>
> ATB,
> Matthew
>
> > not enough arguments for format string
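
The two points in the quoted reply, as an added example that is not part of the original thread: why the interpolated line ends in "not enough arguments for format string", and how the bound-parameter form keeps `forge` as data. It uses sqlite3 so it runs offline (placeholder `?` where the thread's driver takes `%s`); the table, sample rows and helper names are constructed, `sql % ()` is a simplified stand-in for the driver's formatting step, and the LIKE wildcard escaping goes one step beyond what the thread covers.

```python
import sqlite3

# Constructed sample rows; the table and column names are hypothetical.
ROWS = [("http://sourceforge.net/p/a",), ("http://github.com/b",),
        ("http://100%free.example/c",)]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE forge (url TEXT)")
    conn.executemany("INSERT INTO forge (url) VALUES (?)", ROWS)
    return conn

def interpolate_then_format(forge):
    """The original line, then the `sql % params` step that a
    format-paramstyle driver applies (simplified stand-in, an assumption)."""
    sql = 'SELECT url FROM forge f WHERE 1=1 ' + 'AND f.url like "%%%s%%"' % (forge)
    try:
        return sql % ()          # the single level of %% escaping is already gone
    except TypeError as exc:
        return str(exc)

def escape_like(term, esc="\\"):
    """Make %, _ and the escape character literal inside a LIKE pattern.
    Binding stops SQL injection but does not neutralise LIKE wildcards."""
    for ch in (esc, "%", "_"):   # escape character first, so it is not doubled twice
        term = term.replace(ch, esc + ch)
    return term

def search(conn, forge):
    """Bound parameter: forge travels as data and never becomes SQL text."""
    sql = "SELECT url FROM forge f WHERE f.url LIKE ? ESCAPE '\\' ORDER BY url"
    pattern = "%" + escape_like(forge) + "%"
    return [row[0] for row in conn.execute(sql, [pattern])]

if __name__ == "__main__":
    db = make_db()
    print(interpolate_then_format("sourceforge"))
    print(search(db, "sourceforge"))
    print(search(db, "%"))            # literal percent sign, not "match everything"
    print(search(db, 'source"forge')) # a quote in the input is just a character
```
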

