On Mon, 15 Dec 2008 at 18:16, Krishnakant wrote:
how do you let the ' go as a part of the string?
I have used %s as placeholder as in
queryString = "insert into venders values ('%s,%s,%s" %
(field1,field2,field3 ) ...
This is not working for the ' values.
This is untested, but I think what you want is:
cursor.execute("insert into venders values (?, ?, ?)", field1, field2,
field3)
This uses parameter binding and should properly quote the values.
It's also the "right way" to do it to avoid sql injection attacks
and for efficiency if you run the same query multiple times.
--RDM
--
http://mail.python.org/mailman/listinfo/python-list
