Francisco Rivas wrote:
>     sql = sql + 'AND f.url like "%%%s%%"'  % (forge)
> 
>   cursor = connection.cursor()
>   cursor.execute(sql)
>   results = cursor.fetchall()

cursor.execute() expects placeholders, rather than direct parameters, so 
needs % to be escaped on input - your one level of escaping is removed 
when interpolating forge. So you /could/ change the one line above to be:
     sql = sql + 'AND f.url like "%%%%%s%%%%"'  % (forge)

but I would recommend instead something like:

     sql = sql + 'AND f.url like %s'
     cursor = connection.cursor()
     cursor.execute(sql, ['%'+forge+'%'])

which then means forge will be quoted/escaped for you as necessary 
automatically.

ATB,
Matthew

> not enough arguments for format string
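
Added example (not part of the original message, and not Django's or any driver's own code): a simplified model of the behaviour the reply describes, where execute() applies %-formatting to the query after quoting each parameter. It compares the three variants discussed above. render, quote_literal, like_literal and first_error are hypothetical helpers, the sample values are constructed, and the backslash LIKE escape assumes MySQL's default.

```python
def quote_literal(value):
    # Simplified stand-in for a driver's string quoting (assumption).
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def render(query, params=()):
    # Model of a cursor that always %-formats the query, quoting each
    # parameter first (hypothetical helper, not a real driver).
    return query % tuple(quote_literal(p) for p in params)


def built_by_hand(forge):
    # Quoted original: the single level of %% is consumed here, so
    # execute() later sees a bare "%s..." and wants an argument.
    return render('AND f.url like "%%%s%%"' % (forge,))


def double_escaped(forge):
    # The "could" variant: a second level of %% survives for execute(),
    # but the value is still pasted into the statement unquoted.
    return render('AND f.url like "%%%%%s%%%%"' % (forge,))


def parameterized(forge):
    # Recommended variant: the value travels as a parameter and is quoted.
    return render('AND f.url like %s', ['%' + forge + '%'])


def like_literal(term):
    # Extra step beyond the reply: binding quotes the string but leaves
    # LIKE wildcards active, so escape % and _ for a literal match.
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def first_error(fn, value):
    # Return the formatting error message fn(value) raises, or None.
    try:
        fn(value)
    except (TypeError, ValueError) as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print(first_error(built_by_hand, "sourceforge"))
    for value in ("sourceforge", 'a"b', "it's"):  # constructed inputs
        print(double_escaped(value), "|", parameterized(value))
    print(parameterized(like_literal("50%_off")))
```

In the double-escaped variant a value containing a double quote or a stray %s still reaches the statement text unchanged; only the parameterized variant keeps the value out of the statement's structure.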


