Help: Omitting quotes from SQL Queries.
Gerhard Häring
gerhard.haering at gmx.de
Tue Jan 7 19:15:11 EST 2003
* taocairns <nospam at earthlink.net> [2003-01-07 16:54 +0000]:
> keithk wrote:
> >Hi All,
> >
> >I am using an mx.ODBC connection to MSSQL and am iterating through a
> >list to get data from the DB, for eg:
> >
> >for fileName in fileNameList:
> >    cursor.execute("SELECT fileSize FROM database where database.filename = '%s'" % fileName)
> >    fileSizes = cursor.fetchall()
> >
> >However, when it iterates through the list and fileName equals something
> >like "Hello World's" with a single quote inside the query fails as the
> >string is ended prematurely, does anybody know how I can solve this?
> >
> >Thanks in advance,
> >
> >Keith
> >
> >--
> >Posted via http://dbforums.com
>
> Try unquoting the placeholder (%s):
This makes it even worse.
> for fileName in fileNameList:
>     cursor.execute("SELECT fileSize FROM database where database.filename = %s" % fileName)
>     fileSizes = cursor.fetchall()
Use DB-API bound parameters, like I showed in my other answer.
Gerhard
--
Favourite database: http://www.postgresql.org/
Favourite programming language: http://www.python.org/
Combine the two: http://pypgsql.sf.net/
Embedded database for Python: http://pysqlite.sf.net/
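
Added example, not part of the original message or of any project mentioned in it: the two string-interpolation variants from the thread next to a DB-API bound-parameter query. It assumes the standard-library sqlite3 module as a stand-in for mx.ODBC, a constructed table named "files", and the `?` placeholder style that sqlite3 uses; check your own driver's `paramstyle`.

```python
import sqlite3

# Constructed sample data; the table name "files" is an assumption for this demo.
SAMPLE_FILES = [("Hello World's", 1024), ("report.txt", 2048)]

def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE files (filename TEXT, fileSize INTEGER)")
    conn.executemany("INSERT INTO files VALUES (?, ?)", SAMPLE_FILES)
    return conn

def run_interpolated(conn, file_name, quoted=True):
    """Paste the value into the SQL text, as both variants in the thread do."""
    placeholder = "'%s'" if quoted else "%s"
    sql = "SELECT fileSize FROM files WHERE filename = " + placeholder
    try:
        return conn.execute(sql % file_name).fetchall()
    except sqlite3.Error as exc:
        # The value was parsed as part of the statement, so its content
        # decides whether the SQL is even valid.
        return type(exc).__name__

def run_bound(conn, file_name):
    """Send the value separately from the SQL text as a bound parameter."""
    sql = "SELECT fileSize FROM files WHERE filename = ?"
    return conn.execute(sql, (file_name,)).fetchall()

def sizes_for(conn, file_names):
    """The loop from the original question, rewritten with bound parameters."""
    return {name: run_bound(conn, name) for name in file_names}

if __name__ == "__main__":
    conn = make_db()
    for name, _size in SAMPLE_FILES:
        print(repr(name))
        print("  '%s' interpolation:", run_interpolated(conn, name, quoted=True))
        print("  %s interpolation:  ", run_interpolated(conn, name, quoted=False))
        print("  bound parameter:   ", run_bound(conn, name))
```

With the quoted placeholder only the name containing a single quote fails; with the unquoted placeholder even the plain name fails, because the driver reads it as an identifier rather than a string.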