Leif B. Kristensen wrote:
>>> You don't need to escape text when using the Python DB-API.
>>> DB-API will do everything for you.
>>> For example:
>>> SQL = 'INSERT into TEMP data = %s'
>>> c.execute(SQL, """ text containing ' and ` and all other stuff we
>>> might
>>> read from the network""")
>>>
>>> You see, the SQL string contains a %s placeholder, but instead of
>>> executing the simple string expansion SQL % """....""", I call the
>>> execute method with the text as a second *parameter*. Everything else
>>> is magic :).
>
>> Sure, but does this work if you need more than one placeholder?
> Yes it works with more than one placeholder.

Yes, BUT: I have found that all of the placeholders must be STRINGS! If I try to use other data types (%d, %f, etc.), I get an error:

  File "/usr/lib/python2.5/site-packages/MySQLdb/cursors.py", line 149, in execute
    query = query % db.literal(args)
TypeError: float argument required

It's not a huge problem to convert my non-string args, but it seems like this should be fixed, no?

- Michael
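
Added example, not part of the original thread and not MySQLdb's own code: literal() and render() are a simplified model of the traceback line `query = query % db.literal(args)`, showing why %s is the only placeholder that works once every argument has been turned into SQL text. roundtrip() then binds mixed types with the standard-library sqlite3 driver (placeholder `?`); the table, column and function names are assumptions.

```python
import sqlite3

def literal(value):
    # Simplified model: like the driver, turn every argument into SQL *text*.
    # Assumption for illustration only, not a production escaper.
    if value is None:
        return "NULL"
    if isinstance(value, (int, float)):
        return repr(value)
    return "'" + str(value).replace("'", "''") + "'"

def render(query, args):
    # Mirrors the traceback line: query = query % db.literal(args).
    # Each argument is already a str here, so only %s can consume it.
    return query % tuple(literal(a) for a in args)

def placeholder_error(query, args):
    # Name of the exception render() raises for this query, or None.
    try:
        render(query, args)
    except TypeError as exc:
        return type(exc).__name__
    return None

def roundtrip(rows):
    # Real parameter binding: values travel separately from the SQL text,
    # so quotes in the data never reach the SQL parser.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE temp (data TEXT, score REAL, hits INTEGER)")
    con.executemany(
        "INSERT INTO temp (data, score, hits) VALUES (?, ?, ?)", rows)
    out = con.execute(
        "SELECT data, score, hits FROM temp ORDER BY rowid").fetchall()
    con.close()
    return out

# Constructed sample input: untrusted text with quote characters, plus numbers.
SAMPLE = [("text containing ' and ` and \"", 3.5, 7)]

if __name__ == "__main__":
    ok = "INSERT INTO temp (data, score, hits) VALUES (%s, %s, %s)"
    bad = "INSERT INTO temp (data, score, hits) VALUES (%s, %f, %d)"
    print(render(ok, SAMPLE[0]))
    print(placeholder_error(bad, SAMPLE[0]))
    print(roundtrip(SAMPLE))
```
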