Quoting sql queries with the DB-API
snacktime
snacktime at gmail.com
Sun Jan 23 21:44:39 EST 2005
> > Also, is this a good way to use variables in an insert/update
> > statement, or is there a better way?
> >
> > sql = "insert into test(a,b) values('%s','%s')" % (a,b)
> > cursor.execute(sql)
>
> If you do it like this:
>
> sql = "INSERT INTO test(a, b) VALUES(%s, %s)" # no quotes around the %s
> cursor.execute(sql, (a, b))
>
> Then the quoting will be handled automatically for you.
Ah, makes sense. Thanks for the tip; that was exactly what I needed.
Chris
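
The difference between the two forms quoted above, as an added example that is not part of the original thread. It assumes the standard-library sqlite3 driver, whose placeholder is `?` rather than the `%s` used by the driver in the thread; the helper names (`insert_sql`, `insert_interpolated`, `insert_bound`, `demo`) and the sample values are constructed for illustration.

```python
import sqlite3

# Placeholder text for the positional DB-API paramstyles (PEP 249).
PLACEHOLDERS = {"qmark": "?", "format": "%s", "numeric": ":{n}"}

def insert_sql(module, table, columns):
    """Build an INSERT using the driver's own placeholder style.
    Table and column names come from code, never from user input."""
    mark = PLACEHOLDERS[module.paramstyle]
    marks = ", ".join(mark.format(n=i + 1) for i in range(len(columns)))
    return "INSERT INTO %s(%s) VALUES(%s)" % (table, ", ".join(columns), marks)

def insert_interpolated(conn, a, b):
    # Pattern from the question: values are pasted into the SQL text,
    # so a quote character inside a value becomes part of the statement.
    sql = "insert into test(a,b) values('%s','%s')" % (a, b)
    conn.execute(sql)

def insert_bound(conn, a, b):
    # Pattern from the reply: SQL text and values travel separately,
    # and the driver handles quoting.
    conn.execute(insert_sql(sqlite3, "test", ["a", "b"]), (a, b))

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE test(a TEXT, b TEXT)")
    # Constructed sample values containing characters that matter to SQL.
    samples = [("O'Reilly", "publisher"), ('say "hi"', "50% off")]
    failures = []
    for a, b in samples:
        try:
            insert_interpolated(conn, a, b)
        except sqlite3.Error as exc:
            failures.append((a, str(exc)))
    conn.execute("DELETE FROM test")  # start clean for the bound version
    for a, b in samples:
        insert_bound(conn, a, b)
    rows = conn.execute("SELECT a, b FROM test ORDER BY rowid").fetchall()
    return failures, rows

if __name__ == "__main__":
    failures, rows = demo()
    print("interpolated failures:", failures)
    print("bound rows:", rows)
```

Check the `paramstyle` attribute of whichever driver module is in use before copying a placeholder from another driver's documentation.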