Help: Omitting quotes from SQL Queries.
gerhard.haering at gmx.de
Wed Jan 8 01:15:11 CET 2003
* taocairns <nospam at earthlink.net> [2003-01-07 16:54 +0000]:
> keithk wrote:
> >Hi All,
> >I am using an mx.ODBC connection to MSSQL and am iterating through a
> >list to get data from the DB, for eg:
> >for fileName in fileNameList:
> >    cursor.execute("SELECT fileSize FROM database where "
> >                   "database.filename = '%s'" % fileName)
> >    fileSizes = cursor.fetchall()
> >However, when it iterates through the list and fileName equals something
> >like "Hello World's" with a single quote inside, the query fails as the
> >string is ended prematurely. Does anybody know how I can solve this?
> >Thanks in advance,
> >Posted via http://dbforums.com
> Try unquoting the placeholder (%s):
This makes it even worse.
> for fileName in fileNameList:
>     cursor.execute("SELECT fileSize FROM database where "
>                    "database.filename = %s" % fileName)
>     fileSizes = cursor.fetchall()
Use DB-API bound parameters, like I showed in my other answer.
Favourite database: http://www.postgresql.org/
Favourite programming language: http://www.python.org/
Combine the two: http://pypgsql.sf.net/
Embedded database for Python: http://pysqlite.sf.net/
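
Added example, not part of the original post: the two string-interpolated queries quoted in the thread compared with a DB-API bound parameter, run on the name "Hello World's". It assumes the standard-library sqlite3 module as a stand-in for mx.ODBC and a hypothetical table named "files"; sqlite3 uses the `?` placeholder, so check your driver's `paramstyle` attribute for the marker it expects.

```python
import sqlite3

# Constructed sample data; the table name "files" is hypothetical.
SAMPLE_ROWS = [("report.txt", 1024), ("Hello World's", 2048)]


def make_connection():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE files (filename TEXT, fileSize INTEGER)")
    conn.executemany("INSERT INTO files VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def size_interpolated(conn, file_name, quoted=True):
    """Paste the value into the SQL text with %, as both quoted snippets do."""
    placeholder = "'%s'" if quoted else "%s"
    sql = "SELECT fileSize FROM files WHERE filename = " + placeholder
    try:
        return conn.execute(sql % file_name).fetchall()
    except sqlite3.Error as exc:
        # The value was parsed as SQL syntax instead of being treated as data.
        return "error: %s" % exc


def size_bound(conn, file_name):
    """Send the SQL text and the value separately; the driver handles quoting."""
    sql = "SELECT fileSize FROM files WHERE filename = ?"
    return conn.execute(sql, (file_name,)).fetchall()


def compare(file_names):
    conn = make_connection()
    results = {}
    for name in file_names:
        results[name] = {
            "quoted %s": size_interpolated(conn, name, quoted=True),
            "unquoted %s": size_interpolated(conn, name, quoted=False),
            "bound ?": size_bound(conn, name),
        }
    conn.close()
    return results


if __name__ == "__main__":
    for name, outcome in compare([row[0] for row in SAMPLE_ROWS]).items():
        print(repr(name))
        for method, result in outcome.items():
            print("   %-12s %r" % (method, result))
```

Only the bound form returns a row for both names; the unquoted form fails even for "report.txt", because the value is parsed as an identifier rather than a string.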