Don't do that, for a number of reasons. String concatenation is really never a good idea, and formatting your own query strings is exactly what leads to things like SQL injection. Let the db library handle it for you:

cur.execute('insert into seq(id,sequence) values(3, %s)', (content,))

Notice that, although we're using the %s placeholder, we are _not_ using the % operator to format the string. This is because the db module will do any proper preparation of the value for you before inserting into the string.

On Dec 12, 2007, at 8:31 AM, sujitha mary wrote:

hi all,
while executing this cur.execute('insert into seq(id,sequence) values(3,'+content+')') I'm getting an error psycopg2.ProgrammingError : syntax error at or near "prophage" LINE 1: insert into seq(id,sequence) values(3,Tum2 prophage complete...

--
http://mail.python.org/mailman/listinfo/python-list

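The following is an added example, not code from the thread, that runs the three variants discussed above side by side: the poster's unquoted concatenation, the "fix" of wrapping the value in quotes, and the parameterized form. It uses Python's standard-library sqlite3 module instead of psycopg2 so it runs offline; the seq table and the sample strings (one mimicking the poster's text, one carrying a payload) are constructed for the demo. sqlite3 uses ? as its placeholder where psycopg2 uses %s, but the mechanism is identical: the value is handed to the driver separately and never spliced into the SQL text by your code.

```python
import sqlite3

# Constructed sample inputs (not taken from the original thread).
BENIGN = "Tum2 prophage complete"         # unquoted free text, like the poster's
APOSTROPHE = "phage O'Hara"                # legitimate data containing a quote
INJECTION = "abc'), (4, 'injected"         # payload that rewrites the statement


def make_db():
    """Fresh in-memory database with a stand-in for the poster's seq table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table seq(id integer, sequence text)")
    return conn


def rows(conn):
    return conn.execute("select id, sequence from seq order by id").fetchall()


def concat_unquoted(content):
    """The poster's pattern: value pasted straight into the SQL text.

    Any text with spaces is parsed as SQL tokens, so this fails with a syntax
    error at the second word, exactly like the psycopg2 error in the thread.
    Returns the error message as a string instead of rows.
    """
    conn = make_db()
    try:
        conn.execute("insert into seq(id,sequence) values(3," + content + ")")
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)
    return rows(conn)


def concat_quoted(content):
    """The tempting 'fix': add quotes around the concatenated value.

    The benign string now works, but a quote inside the data either breaks
    the statement or, if the attacker closes the quote and the parenthesis,
    lets the value add its own rows to the INSERT. Still SQL injection.
    """
    conn = make_db()
    try:
        conn.execute("insert into seq(id,sequence) values(3,'" + content + "')")
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)
    return rows(conn)


def parameterized(content):
    """The reply's advice: placeholder in the SQL, value passed as a tuple.

    The driver binds the value; it is never interpreted as SQL, so the exact
    text is stored whatever characters it contains.
    """
    conn = make_db()
    conn.execute("insert into seq(id,sequence) values(3, ?)", (content,))
    return rows(conn)


if __name__ == "__main__":
    for name, content in (("benign", BENIGN),
                          ("apostrophe", APOSTROPHE),
                          ("injection", INJECTION)):
        print(f"--- {name}: {content!r}")
        print("  unquoted concat :", concat_unquoted(content))
        print("  quoted concat   :", concat_quoted(content))
        print("  parameterized   :", parameterized(content))
```

Run it and compare the "injection" row: the quoted concatenation stores two rows, one of which the caller never asked for, while the parameterized insert stores the payload as an inert 22-character string.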
