Line68:
query = cursor.execute("""INSERT INTO ConfMain (ConfName, ConfHost,
ConfStart, ConfEnd, ConfDays, ConfStartTime, ConfEndTime, ConfSize)
VALUES (\'%s\', \'%s\', \'%%\', \'%%\', %i, \'%%\', \'%%\', %i);""" %
(conf_name, host_name, start_day, end_day, int(num_days), start_time,
end_time, aud_size))

Does psycopg not handle quoting for you? Almost all database interfaces nowadays support something like:

result = myquery.execute('INSERT INTO foo (anInt,aDate,aText) VALUES (?,?,?)', query_parameters);

The interface deals with quoting the "?" based on the type definitions in the database.

You do not have to quote the query in psycopg... Psycopg does it for you.

See the bottom of this for an example using a dictionary:

http://www.devx.com/opensource/Article/29071/0/page/3

Joshua D. Drake




Trying to quote things yourself is tricky. You'll need to handle single-quotes in a string yourself - easy to get it wrong.


--

   === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
   Providing the most comprehensive  PostgreSQL solutions since 1997
             http://www.commandprompt.com/
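
The contrast between the hand-quoted INSERT and driver-side parameter binding discussed in this thread, as an added example that is not part of any poster's message. It uses the standard-library sqlite3 module as a stand-in for psycopg so it runs without a server; the table is trimmed to four of the ConfMain columns, and open_db, insert_hand_quoted, insert_bound and demo are hypothetical names.

```python
import sqlite3

# Assumption: sqlite3 (stdlib) stands in for psycopg so this runs offline.
# The DB-API call shape is the same; only the placeholder differs:
# sqlite3 uses :name, psycopg uses %(name)s.
SCHEMA = """CREATE TABLE ConfMain (
    ConfName TEXT, ConfHost TEXT, ConfDays INTEGER, ConfSize INTEGER)"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn

def insert_hand_quoted(conn, row):
    """Builds the statement with Python % formatting, as in the quoted code."""
    sql = ("INSERT INTO ConfMain (ConfName, ConfHost, ConfDays, ConfSize) "
           "VALUES ('%s', '%s', %i, %i);"
           % (row["conf_name"], row["host_name"],
              int(row["num_days"]), int(row["aud_size"])))
    conn.execute(sql)

def insert_bound(conn, row):
    """Passes values separately; the driver handles quoting and typing."""
    conn.execute(
        "INSERT INTO ConfMain (ConfName, ConfHost, ConfDays, ConfSize) "
        "VALUES (:conf_name, :host_name, :num_days, :aud_size)", row)

def demo():
    # Constructed sample row: ordinary names containing a single quote.
    row = {"conf_name": "Bob's weekly sync", "host_name": "O'Brien",
           "num_days": 3, "aud_size": 40}
    conn = open_db()
    try:
        insert_hand_quoted(conn, row)
        hand_quoted_error = None
    except sqlite3.OperationalError as exc:
        hand_quoted_error = str(exc)  # the quote ended the literal early
    insert_bound(conn, row)
    stored = conn.execute("SELECT ConfName, ConfHost, ConfDays, ConfSize "
                          "FROM ConfMain").fetchall()
    return hand_quoted_error, stored

if __name__ == "__main__":
    print(demo())
```

With psycopg the bound form keeps the same two-argument execute call and the same dictionary; only the placeholders change to %(conf_name)s and so on.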


