MySQLdb select

F. GEIGER f.geiger at vol.at
Thu Aug 5 20:46:55 CEST 2004


"Gerhard Häring" <gh at ghaering.de> schrieb im Newsbeitrag
news:mailman.1008.1091284523.5135.python-list at python.org...


> That's particularly BAD STYLE. It's best to keep to letting the DB-API
> do the proper quoting for all parameters.


Well, yes.

So I tried this:

>>> import MySQLdb as ms
>>> con = ms.connect(db="isa",user="root")
>>> cur = con.cursor()
>>> cur.execute("select id from %s limit 10;", ("tagevents",))
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "C:\PROGRA~1\Python23\lib\site-packages\MySQLdb\cursors.py", line 95,
in execute
    return self._execute(query, args)
  File "C:\PROGRA~1\Python23\lib\site-packages\MySQLdb\cursors.py", line
114, in _execute
    self.errorhandler(self, exc, value)
  File "C:\PROGRA~1\Python23\lib\site-packages\MySQLdb\connections.py", line
33, in defaulterrorhandler
    raise errorclass, errorvalue
_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL
syntax.  Check the manual that corresponds to
your MySQL server version for the right syntax to use near ''tagevents'
limit 10' at line 1")
>>>

Hmm, despite the fact, that it is bad style, I tried:

>>> cur.execute("select id from %s limit 10;" % "tagevents")
10L
>>>

and succeeded.

Looks like MySQL doesn't like the quoting, MySQLdb seems to perform.

Okay, as you shouted to me "BAD STYLE" I presume, it had to work, if I only
did it right. So, what am I doing wrong? Or did I misconfig MySQL? Is MySQL
4.0 not yet supported?

My environment:

Win XP

Python 2.3.4 (#53, May 25 2004, 21:17:02) [MSC v.1200 32 bit (Intel)] on
win32
Type "help", "copyright", "credits" or "license" for more information.

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 7 to server version: 4.0.20a-nt

 MySQLdb 1.0.0


Kind regards
Franz GEIGER


"Gerhard Häring" <gh at ghaering.de> schrieb im Newsbeitrag
news:mailman.1008.1091284523.5135.python-list at python.org...
> F. GEIGER wrote:
> > "John Fabiani" <jfabiani at yolo.com> schrieb:
> >
> >>Hi,
> >> I'm a newbie and I'm attempting to learn howto create a select
statement.
> >>When I use
> >>
> >>>>>string1='18 Tadlock Place'
> >>>>>cursor.execute("SELECT * FROM mytest where address = %s",string1)
> >>
> >>All works as expected.  But
> >>
> >>>>>numb=10
> >>>>>cursor.execute("SELECT * FROM mytest where clientID = %d",numb)
>  >> [...] raise errorclass, errorvalue
>  >>TypeError: int argument required
>  >>
>
> Then use %i for integers ;-)
>
> > I'm used to do that this way:
> >
> > cursor.execute("SELECT * FROM mytest where clientID = %d" % numb)
>
> That's particularly BAD STYLE. It's best to keep to letting the DB-API
> do the proper quoting for all parameters.
>
> -- Gerhard





More information about the Python-list mailing list