Hi,
I'm having a hard time figuring out the correct way of doing the
following:
In my database (SQLite), I have a "title" column, which is just a text
field. One entry have a ' in it, example: It's pretty annoying
When I try to do the following, it fails, due to the ' in title
param= dict(title=title)
results = db.select('shows', param, where="title= $title")
I thought the solution was in Web.db.SQLParam or sqlquote, but they
convert 'it's annoying' to '"It's annoying"', which also fails,
because the database entry doesn't have the " in it. Or at least
that's what I think is happening.
The one solution I did find was:
title = title.replace('\\', '\\\\')
param= dict(title=title)
results = db.select('shows', param, where="title= $title"
That not as pretty as I would like and I'm a bit concerned that it's
not always going to work or even be safe.
Are there any better solutions using the webpy db functionality?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web.py" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/webpy?hl=en
-~----------~----~----~----~------~----~------~--~---
