[DB-SIG] Including variables in SQL queries

Hugh h.e.w.frater@cs.cf.ac.uk
Sat, 17 Mar 2001 21:43:28 +0000


Hi All,
	I got DCOracle2 installed and working a while back and am progressing
with the project OK. What I want to know is how to include variables in an SQL
query. This is so I can select an encrypted password from a table given the
userID which is parsed using the cgi.py module into a variable in my Python
script. The code I've got is as follows. Note I have yet to try this because
the tables are not yet finalised.

formid = form.getvalue('id')
.......
c.execute("select password from tblborrower where userid = formid")

I have a suspicion that this won't work because it will try and use "formid" as
the value for userid instead of the value of the string formid.

I know there are probably better ways to make a secure login, but it's only a
first year project, and it doesn't matter that much.
Thanks in advance for any help. Hugh Frater
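
Added example, not part of the original message: the lookup with the form value pasted into the SQL text, beside the same lookup with the value passed as a bind parameter. Python's built-in sqlite3 stands in for DCOracle2 here (an assumption; the placeholder syntax a given driver accepts is stated by its DB-API paramstyle attribute), and the rows, function names and sample inputs are constructed.

```python
import sqlite3


def make_db():
    # Constructed sample data; sqlite3 is a stand-in for the Oracle connection.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table tblborrower (userid text primary key, password text)"
    )
    conn.executemany(
        "insert into tblborrower values (?, ?)",
        [("hugh", "constructed-hash-1"), ("alice", "constructed-hash-2")],
    )
    return conn


def single_value(raw):
    # form.getvalue() gives None for a missing field and a list for a
    # repeated one, so accept only one non-empty string.
    if not isinstance(raw, str) or not raw:
        raise ValueError("expected exactly one non-empty id field")
    return raw


def lookup_concatenated(conn, formid):
    # Before: the value becomes part of the SQL text, so quotes in the
    # form input are parsed as SQL syntax rather than as data.
    sql = "select password from tblborrower where userid = '%s'" % formid
    return conn.execute(sql).fetchall()


def lookup_bound(conn, formid):
    # After: the SQL text is constant and the driver sends formid
    # separately as a bound value.
    c = conn.cursor()
    c.execute(
        "select password from tblborrower where userid = :userid",
        {"userid": single_value(formid)},
    )
    return c.fetchall()


if __name__ == "__main__":
    conn = make_db()
    for value in ("hugh", "o'brien", "x' or '1'='1"):  # constructed inputs
        print(repr(value), "bound ->", lookup_bound(conn, value))
    print("concatenated ->", lookup_concatenated(conn, "x' or '1'='1"))
```

With the bound form a quote in the input is just a character in the userid being compared, so the query matches either one row or none.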