database questions ala newbie pythonist

Dan Sommers me at privacy.net
Thu Dec 2 12:25:05 CET 2004


On Wed, 1 Dec 2004 20:45:13 -0500,
"chris" <splungent at aol.com> wrote:

> But when I try to use a variable such as:

> ###################################################################
> ...
> varA = '0'
> varB = '1190'
> mycursor.execute('Update Categories Set DelStatus = ' varA 'Where ProductID
> = ' varB)
> ...
> ###################################################################

Let the database module (looks like odbc) do that for you:

    sql = 'UPDATE categories SET delstatus = %s WHERE productid = %s'
    values = (varA, varB)
    mycursor.execute( sql, values )

The database module will know exactly how to quote and escape and
whatever else is necessary to build a valid SQL statement.  Your
particular module may support other options, too, but it knows more than
you do (and has, in theory, already been debugged).

See also PEP 249, <http://www.python.org/peps/pep-0249.html>.

HTH,
Dan

-- 
Dan Sommers
<http://www.tombstonezero.net/dan/>
Never play leapfrog with a unicorn.



More information about the Python-list mailing list