Help: Omitting quotes from SQL Queries.

Gerhard Häring gerhard.haering at gmx.de
Wed Jan 8 01:15:11 CET 2003


* taocairns <nospam at earthlink.net> [2003-01-07 16:54 +0000]:
> keithk wrote:
> >Hi All,
> >
> >I am using an mx.ODBC connection to MSSQL and am iterating through a
> >list to get data from the DB, for eg:
> >
> >for fileName in fileNameList:
> >        cursor.execute("SELECT fileSize FROM database where
> >        database.filename = '%s'" % fileName)
> >        fileSizes = cursor.fetchall()
> >
> >However, when it iterates through the list and fileName equals something
> >like "Hello World's" with a single quote inside the query fails as the
> >string is ended prematurely, does anybody know how I can solve this?
> >
> >Thanks in advance,
> >
> >Keith
> >
> >--
> >Posted via http://dbforums.com
> 
> Try unquoting the placeholder (%s):

This makes it even worse.

> for fileName in fileNameList:
>          cursor.execute("SELECT fileSize FROM database where
>          database.filename = %s" % fileName)
>          fileSizes = cursor.fetchall()

Use DB-API bound parameters, like I showed in my other answer.

Gerhard
-- 
Favourite database:             http://www.postgresql.org/
Favourite programming language: http://www.python.org/
Combine the two:                http://pypgsql.sf.net/
Embedded database for Python:   http://pysqlite.sf.net/





More information about the Python-list mailing list