> Q = "SELECT login FROM users WHERE login LIKE '%%%s%%'" % str(i.q)
> results = db.query(Q)
This isn't safe. You want to do:
results = db.query(
    "SELECT login FROM users WHERE login LIKE $q",
    vars=dict(q='%' + i.q + '%'))
>
> And this error:
> ERR: SELECT login FROM users WHERE login LIKE '%bm%'
> Traceback (most recent call last):
> File "/Library/Frameworks/Python.framework/Versions/2.6/lib/
> python2.6/site-packages/web/application.py", line 211, in process
> return self.handle()
> File "/Library/Frameworks/Python.framework/Versions/2.6/lib/
> python2.6/site-packages/web/application.py", line 201, in handle
> return self._delegate(fn, self.fvars, args)
> File "/Library/Frameworks/Python.framework/Versions/2.6/lib/
> python2.6/site-packages/web/application.py", line 385, in _delegate
> return handle_class(cls)
> File "/Library/Frameworks/Python.framework/Versions/2.6/lib/
> python2.6/site-packages/web/application.py", line 360, in handle_class
> return tocall(*args)
> File "/Users/bm/python/pass/app.py", line 53, in GET
> results = db.query(Q)
> File "/Library/Frameworks/Python.framework/Versions/2.6/lib/
> python2.6/site-packages/web/db.py", line 579, in query
> self._db_execute(db_cursor, sql_query)
> File "/Library/Frameworks/Python.framework/Versions/2.6/lib/
> python2.6/site-packages/web/db.py", line 530, in _db_execute
> for x in sql_query.values()])
> File "build/bdist.macosx-10.3-i386/egg/MySQLdb/cursors.py", line
> 151, in execute
> query = query % db.literal(args)
> TypeError: not enough arguments for format string
>
> The query looks fine and works great in the mysql console. But it won't
> run in the webpy environment.
>
> What is wrong with me?
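
Added example, not part of the original thread: the interpolated query from the question next to the bound-parameter form from the reply. It goes one step further than the reply by also escaping LIKE wildcards in the input. Assumptions: an in-memory sqlite3 database with constructed logins stands in for the MySQL table, sqlite3's `?` placeholder stands in for web.py's `$q`/`vars`, and the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; in-memory SQLite stands in for the MySQL table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT)")
    logins = ["bm", "bmiller", "alice", "a_b", "100%", "o'brien"]
    conn.executemany("INSERT INTO users VALUES (?)", [(l,) for l in logins])
    return conn

def search_interpolated(conn, q):
    # Pattern from the question: input becomes part of the SQL text itself.
    sql = "SELECT login FROM users WHERE login LIKE '%%%s%%' ORDER BY login" % str(q)
    return [row[0] for row in conn.execute(sql)]

def like_escape(q, esc="\\"):
    # Hypothetical helper: make %, _ and the escape character match literally.
    return q.replace(esc, esc + esc).replace("%", esc + "%").replace("_", esc + "_")

def search_bound(conn, q):
    # Approach from the reply: wildcards go into the value, the value is bound.
    sql = "SELECT login FROM users WHERE login LIKE ? ESCAPE '\\' ORDER BY login"
    return [row[0] for row in conn.execute(sql, ("%" + like_escape(q) + "%",))]

def changes_statement(conn, q):
    # True when the input alters the SQL text enough that it no longer parses.
    try:
        search_interpolated(conn, q)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    conn = make_db()
    for q in ["bm", "o'brien", "%", "_"]:
        print(repr(q), "bound ->", search_bound(conn, q),
              "| interpolated breaks:", changes_statement(conn, q))
```

The `ESCAPE '\'` clause is written for SQLite; MySQL already treats backslash as the default LIKE escape character.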