database questions ala newbie pythonist
Dan Sommers
me at privacy.net
Thu Dec 2 06:25:05 EST 2004
On Wed, 1 Dec 2004 20:45:13 -0500,
"chris" <splungent at aol.com> wrote:
> But when I try to use a variable such as:
> ###################################################################
> ...
> varA = '0'
> varB = '1190'
> mycursor.execute('Update Categories Set DelStatus = ' varA 'Where ProductID
> = ' varB)
> ...
> ###################################################################
Let the database module (looks like odbc) do that for you:

    sql = 'UPDATE categories SET delstatus = %s WHERE productid = %s'
    values = (varA, varB)
    mycursor.execute( sql, values )

The database module will know exactly how to quote and escape and
whatever else is necessary to build a valid SQL statement. Your
particular module may support other options, too, but it knows more than
you do (and has, in theory, already been debugged).
See also PEP 249, <http://www.python.org/peps/pep-0249.html>.
HTH,
Dan
--
Dan Sommers
<http://www.tombstonezero.net/dan/>
Never play leapfrog with a unicorn.
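
An added example, not part of the original message: the concatenated UPDATE from the question beside the bound-parameter form from the reply, run against the standard-library sqlite3 module as a stand-in for the poster's odbc module. The table contents and the odd input values are constructed, and sqlite3 uses the `?` (qmark) placeholder style where other PEP 249 drivers use `%s` or named forms.

```python
import sqlite3

def make_db():
    """Build an in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE categories (productid INTEGER, delstatus TEXT)")
    conn.executemany("INSERT INTO categories VALUES (?, ?)",
                     [(1190, "1"), (1191, "1"), (1192, "1")])
    return conn

def update_concatenated(conn, status, product_id):
    """Fragile form: the values are pasted into the SQL text itself."""
    sql = ("UPDATE categories SET delstatus = '" + status +
           "' WHERE productid = " + product_id)
    return conn.execute(sql).rowcount

def update_bound(conn, status, product_id):
    """PEP 249 form: the SQL text is constant, the values travel separately."""
    # sqlite3.paramstyle is 'qmark'; check your driver's paramstyle attribute.
    sql = "UPDATE categories SET delstatus = ? WHERE productid = ?"
    return conn.execute(sql, (status, product_id)).rowcount

def demo():
    """Return the number of rows each form updates for three inputs."""
    results = {}
    odd_id = "1190 OR 1=1"  # constructed value that is not a plain ID
    results["concat_plain"] = update_concatenated(make_db(), "0", "1190")
    # Concatenated: the extra text becomes part of the WHERE clause.
    results["concat_odd"] = update_concatenated(make_db(), "0", odd_id)
    results["bound_plain"] = update_bound(make_db(), "0", "1190")
    # Bound: the same text is compared as one literal and matches nothing.
    results["bound_odd"] = update_bound(make_db(), "0", odd_id)
    try:
        # An apostrophe in the value ends the quoted string early.
        update_concatenated(make_db(), "it's", "1190")
        results["concat_quote"] = "ok"
    except sqlite3.OperationalError:
        results["concat_quote"] = "syntax error"
    results["bound_quote"] = update_bound(make_db(), "it's", "1190")
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
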