sql escaping module - Frank Millman Followup
frank at chagford.com
Fri Dec 9 06:32:02 CET 2005
David Bear wrote:
> The statement above can cause relief or pain. Letting the DBAPI handle
> proper string escapes, formatting, etc., is a big relief. However, I am
> still wondering what happens under the covers. If I have a string '1\n'
> that I've read from some source and I really intend on inserting it into
> the data base as a number 1, if the tape column it goes into is of type int
> or num or float, will the DBAPI really know what to do with the newline?
Try it and see. This is what I get -
>>> import psycopg2
>>> db = psycopg2.connect(database='mydb')
>>> c = db.cursor()
>>> c.execute('create table xxx (col1 int)')
>>> c.execute('insert into xxx values (%s)', '1')
>>> c.execute('insert into xxx values (%s)', 'a')
psycopg.ProgrammingError: invalid input syntax for integer: "a"
>>> c.execute('insert into xxx values (%s)', '1\n')
TypeError: not all arguments converted during string formatting
Different DBAPI modules may handle it differently.
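
Added example, not part of the original post: DB-API `execute()` takes its parameters as a sequence, and a bare `str` is itself a sequence of characters, so `'1\n'` supplies two values for one placeholder while `'1'` supplies one. The sketch below reproduces that with the standard-library `sqlite3` module standing in for psycopg2 (an assumption made so it runs without a server; `sqlite3` uses `?` placeholders and raises a different exception), then converts the text in the application and binds the result as a 1-tuple. The helper names are hypothetical.

```python
import sqlite3

SQL = "insert into xxx values (?)"  # sqlite3 placeholder style; psycopg2 uses %s


def insert_raw(conn, params):
    """Run the INSERT with `params` handed to the driver exactly as given."""
    conn.execute(SQL, params)


def insert_number(conn, text):
    """Convert in the application, then bind the value as a 1-tuple."""
    value = int(text)  # int() ignores surrounding whitespace; ValueError on 'a'
    conn.execute(SQL, (value,))
    return value


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table xxx (col1 int)")
    outcome = {}

    # A one-character string is a sequence holding exactly one parameter.
    insert_raw(conn, "1")
    outcome["bare '1'"] = "ok"

    # '1\n' is a sequence of two parameters for a single placeholder.
    try:
        insert_raw(conn, "1\n")
        outcome["bare '1\\n'"] = "ok"
    except sqlite3.ProgrammingError:
        outcome["bare '1\\n'"] = "ProgrammingError"

    # Converting first removes the newline before the driver sees the value.
    outcome["int('1\\n')"] = insert_number(conn, "1\n")

    # Non-numeric text is rejected by the application, not by the database.
    try:
        insert_number(conn, "a")
        outcome["int('a')"] = "ok"
    except ValueError:
        outcome["int('a')"] = "ValueError"

    outcome["rows"] = [r[0] for r in conn.execute("select col1 from xxx")]
    return outcome


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```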