[DB-SIG] Escaping Placeholders
Peter L. Buschman
plblists at iotk.com
Tue Jul 6 20:39:58 CEST 2004
Andy:
Thanks. Are you saying there is no explicit escaping of placeholders? If
so, that actually makes my problem
somewhat easier as I am working on a set of translation routines to convert
from any paramstyle to any other
paramstyle. Going from ?,?,? to :1,:2:,:3, :param1,:param2,:param3,
%s,%s,%s, or :%(param1)s,%(param2)s,%(param3)s
is actually quite easy if you don't need to deal with escaped parameters
that screw up your search and replace
routines.
--PLB
At 08:13 PM 7/6/2004, you wrote:
>Peter L. Buschman wrote:
>>I know there must be an obvious answer to this question, but what is the
>>standard mechanism
>>for escaping placeholders in dbapi execute method calls?
>>Eg., when using the qmark paramstyle and I want to include a literal
>>question-mark, do I use \?, '?', ??,
>>or something else entirely? Ditto for format, named, etc., in any
>>situations where literal text in the query
>>might be mistaken for a placeholder.
>>--PLB
>
>The first thing that springs to mind is to make the placeholder another
>placeholder. Instead of;
>
> >>> myCurs.execute("SELECT column_x FROM my_table WHERE dubious_column='?'")
>
>Use;
>
> >>> myCurs.execute("SELECT column_x FROM my_table WHERE
> dubious_column=?", ('?',))
>
>This won't help if your special character is part of the name of one of
>your database objects of course. If that is the case then I'd rename it.
>
>Regards,
>Andy
>--
>--------------------------------------------------------------------------------
> From the desk of Andrew J Todd esq - http://www.halfcooked.com/
>
More information about the DB-SIG
mailing list