[DB-SIG] Escaping Placeholders

Peter L. Buschman plblists at iotk.com
Tue Jul 6 20:39:58 CEST 2004


Thanks.  Are you saying there is no explicit escaping of placeholders?  If 
so, that actually makes my problem
somewhat easier as I am working on a set of translation routines to convert 
from any paramstyle to any other
paramstyle.  Going from ?,?,? to :1,:2:,:3, :param1,:param2,:param3, 
%s,%s,%s, or :%(param1)s,%(param2)s,%(param3)s
is actually quite easy if you don't need to deal with escaped parameters 
that screw up your search and replace


At 08:13 PM 7/6/2004, you wrote:
>Peter L. Buschman wrote:
>>I know there must be an obvious answer to this question, but what is the 
>>standard mechanism
>>for escaping placeholders in dbapi execute method calls?
>>Eg., when using the qmark paramstyle and I want to include a literal 
>>question-mark, do I use \?, '?', ??,
>>or something else entirely? Ditto for format, named, etc., in any 
>>situations where literal text in the query
>>might be mistaken for a placeholder.
>The first thing that springs to mind is to make the placeholder another 
>placeholder. Instead of;
> >>> myCurs.execute("SELECT column_x FROM my_table WHERE dubious_column='?'")
> >>> myCurs.execute("SELECT column_x FROM my_table WHERE 
> dubious_column=?", ('?',))
>This won't help if your special character is part of the name of one of 
>your database objects of course. If that is the case then I'd rename it.
> From the desk of Andrew J Todd esq - http://www.halfcooked.com/

More information about the DB-SIG mailing list