SQL: don't use bind variables (was Re: Using strings with ' in them in SQL-queries)
thomas at cintra.no
thomas at cintra.no
Fri Jun 2 12:54:42 EDT 2000
On 2 Jun 2000 12:28:47 GMT, "D'Arcy J.M. Cain" <darcy at vex.net> wrote:
>Paul Boddie <paulb at infercor.no> wrote:
>> db.execute("insert into test (id, name) value (1, :var)", {"var" : var})
>
>> (Now I look again, I don't know where the 'query' method came from, but I assume
>> that the thread's initiator meant 'execute'.)
>
>He's probably using PyGreSQL which has two distinct interfaces, PyGreSQL
>Classic (or PyGres) and PyGreSQL DB-API which is in the 3.0 version
>just released. He is using the classic interface which, btw, I am not
>planning to deprecate. Both will continue to be available in PyGreSQL
>as long as I am maintaining it.
>
>There's-more-than-one-way-to-skin-a-dead-parrot-ly y'rs
>
>--
>D'Arcy J.M. Cain <darcy at vex.net> | Democracy is three wolves
>http://www.vex.net/ | and a sheep voting on
>+1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.
Hi,
I think I started this thread, and I was using the old version of
PyGreSQL. In the new version I use another method;
import pg
db = pg.DB(....) # same as old _pg.connect(..)
a = {}
a['filename'] = 'test.jpg'
a['size'] = 1024
db.insert('test', a)
the keys in the dictionary matches columns in the table "test". All of
my previous problems have vanished.
This might be in the old module too, but at least the old problem is
gone so ...
Thomas
More information about the Python-list
mailing list