Τη Κυριακή, 26 Μαρτίου 2017 - 11:59:21 μ.μ. UTC+3, ο χρήστης Larry Hudson έγραψε: > On 03/26/2017 01:21 AM, Νίκος Βέργος wrote: > > print('''UPDATE visitors SET (pagesID, host, ref, location, useros, > > browser, visits) VALUES (%s, %s, %s, %s, %s, %s, %s) WHERE host LIKE > > "%s"''', (pID, domain, ref, location, useros, browser, lastvisit, domain) ) > > > > prints out: > > > > UPDATE visitors SET (pagesID, host, ref, location, useros, browser, visits) > > VALUES (%s, %s, %s, %s, %s, %s, %s) WHERE host LIKE "%s" (1, 'cyta.gr', > > 'Άμεση Πρόσβαση', 'Greece', 'Windows', 'Chrome', '17-03-24 22:04:24', > > 'cyta.gr') > > > > How should i write the cursor.execute in order to be parsed properly? > > As i have it now %s does not get substituted. > > You don't get the substitution because you're missing a %. > > Change: > ... LIKE "%s"''', (pID, ... > To: > ... LIKE "%s"''' % (pID, ... > > -- > -=- Larry -=-
No, i have tried it many times. It fails and is prone to sql injection within a cursor execute. As i understood i can have UPDATE syntax be as similar to INSERT like (pagesID, host, ref, location, useros, browser, visits) VALUES (%s, %s, %s, %s, %s, %s, %s) each column needs to be set respectively as column1 = value1, column2 = value 2 and so on. -- https://mail.python.org/mailman/listinfo/python-list