Il 03/04/2014 16:27, Simon King ha scritto:
On Thu, Apr 3, 2014 at 2:54 PM, Matteo Boscolo <[email protected]> wrote:Il 03/04/2014 15:26, Matteo Boscolo ha scritto: Hi All, i got this function to make a query: def getTypeFromId(self,tmm_id): """ get the tipe from a given id """ flt="TMM_ID='%s'"%str(tmm_id) for ent in self.query(filterSql=flt): return ent.getValue("TMM_TYPE") the value of the tmm_id is 'T]:5!!!!\ unfortunately the orm think that the :5 is a parameter and i get the " illegal variable name/number" .. this is the select of the query .. 'SELECT "TMM_REVENTITY_revprog", "TMM_REVENTITY_lockuser", "TMM_REVENTITY_tlockcounter", "TMM_REVENTITY_revdate", "TMM_REVENTITY_revdes", "TMM_REVENTITY_revstate", "TMM_REVENTITY_plockdate", "TMM_REVENTITY_plockcounter", "TMM_REVENTITY_revname", "TMM_REVENTITY_revlabel", "TMM_REVENTITY_TMM_ID", "TMM_REVENTITY_TMM_TYPE", "TMM_REVENTITY_TMM_LASTUPDATE" \nFROM (SELECT "TMM_REVENTITY".revprog AS "TMM_REVENTITY_revprog", "TMM_REVENTITY".lockuser AS "TMM_REVENTITY_lockuser", "TMM_REVENTITY".tlockcounter AS "TMM_REVENTITY_tlockcounter", "TMM_REVENTITY".revdate AS "TMM_REVENTITY_revdate", "TMM_REVENTITY".revdes AS "TMM_REVENTITY_revdes", "TMM_REVENTITY".revstate AS "TMM_REVENTITY_revstate", "TMM_REVENTITY".plockdate AS "TMM_REVENTITY_plockdate", "TMM_REVENTITY".plockcounter AS "TMM_REVENTITY_plockcounter", "TMM_REVENTITY".revname AS "TMM_REVENTITY_revname", "TMM_REVENTITY".revlabel AS "TMM_REVENTITY_revlabel", "TMM_REVENTITY"."TMM_ID" AS "TMM_REVENTITY_TMM_ID", "TMM_REVENTITY"."TMM_TYPE" AS "TMM_REVENTITY_TMM_TYPE", "TMM_REVENTITY"."TMM_LASTUPDATE" AS "TMM_REVENTITY_TMM_LASTUPDATE" \nFROM "TMM_REVENTITY" \nWHERE TMM_ID=\'T]:5!!!!\') \nWHERE ROWNUM <= :ROWNUM_1' {'ROWNUM_1': 5000, '5': None} any help is appreciated .. regards, Matteo -- You received this message because you are subscribed to the Google Groups "sqlalchemy" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/sqlalchemy. For more options, visit https://groups.google.com/d/optout. hi solve the issue by putting the escape parameter so my tmm_id become 'T]\:5!!!!\ thanks anyhow regards, MatteoOut of interest, do you really need to be passing a raw sql string into your query here? It opens you up to bugs and possibly sql injection attacks if you don't quote your strings properly. For example, what happens if tmm_id contains a single quote? Cheers, Simon
this is a good point of view ... Thanks, Regards, Matteo -- You received this message because you are subscribed to the Google Groups "sqlalchemy" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/sqlalchemy. For more options, visit https://groups.google.com/d/optout.
