> -----Original Message----- > From: Alan Gauld [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 21, 2006 2:51 AM > To: Mike Hansen; tutor@python.org > Subject: Re: [Tutor] Python CGI Script > > > sql_statement = "INSERT INTO images (image) VALUES (%s)" > > cur.execute(sql_statement, (data_obj, )) > > > >Is it just moving the variable substitution to the execute statement > >as > > a tuple, so it will perform the proper quoting? > > Nope, the syntax changes slightly, and I believe depends on the > database driver you use. For SqlLite (and I think for MySql) its a > question mark > > > sql_statement = "INSERT INTO images (image) VALUES (?)" > > cur.execute(sql_statement, data_obj) > > And I don;t think you need the tuple form unless you have multiple > values. > And you can do it in one line too: > > cur.execute("INSERT INTO images (image) VALUES (?)", data_obj) > > Alan G. > >
In my case, I'm using psycopg2 for PostgreSQL. I just did a test, and it doesn't seem to like the ? syntax. I'll check the documentation to see if there's a setting to have it use the ? syntax. Thanks, Mike _______________________________________________ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
