QuoteSQL
Lawrence D'Oliveiro
ldo at geek-central.gen.new_zealand
Mon Sep 25 03:46:40 EDT 2006
In message <slrnehf19i.ejf.sybrenUSE at schuimige.stuvel.eu>, Sybren Stuvel
wrote:
> Lawrence D'Oliveiro enlightened us with:
>> "select * from details where person_name like"
>> " concat(\"%%\", %s, \"%%\")" \
>> % \
>> QuoteSQL(name, True)
>
> Wouldn't this be a whole lot better?
>
> cursor.execute(
> "select * from details where person_name like ?",
> '%' + name + '%'
> )
No. Can you figure out why?
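Added example, not part of the original post or of either participant's code: one property of the parameter-bound form quoted above that can be checked directly is that binding stops SQL injection but leaves `%` and `_` inside the bound value active as LIKE wildcards. It assumes an in-memory SQLite database in place of the thread's database, reuses the `details` table and `person_name` column from the quoted query, and the helper `escape_like` and the sample rows are constructed for illustration.

```python
import sqlite3

def escape_like(value, esc="\\"):
    """Hypothetical helper: make LIKE metacharacters in value match literally."""
    # Escape the escape character first, then the two LIKE wildcards.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value

def make_db():
    """Build a small in-memory table of constructed sample names."""
    db = sqlite3.connect(":memory:")
    db.execute("create table details (person_name text)")
    db.executemany(
        "insert into details values (?)",
        [("alice",), ("a_b",), ("axb",), ("100% bob",), ("o'brien",)],
    )
    return db

def search_bound_only(db, name):
    """Substring search using parameter binding alone."""
    cur = db.execute(
        "select person_name from details"
        " where person_name like ? order by person_name",
        ("%" + name + "%",),
    )
    return [row[0] for row in cur]

def search_escaped(db, name):
    """Substring search with wildcards in name escaped, then bound."""
    cur = db.execute(
        "select person_name from details"
        " where person_name like ? escape '\\' order by person_name",
        ("%" + escape_like(name) + "%",),
    )
    return [row[0] for row in cur]

if __name__ == "__main__":
    db = make_db()
    for name in ("a_b", "%", "o'b", "' or 1=1 --"):
        print(repr(name), search_bound_only(db, name), search_escaped(db, name))
```
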