QuoteSQL

Lawrence D'Oliveiro ldo at geek-central.gen.new_zealand
Mon Sep 25 11:40:30 CEST 2006


In message <Xns98496B28F5FBFduncanbooth at 127.0.0.1>, Duncan Booth wrote:

> Sybren Stuvel <sybrenUSE at YOURthirdtower.com.imagination> wrote:
> 
>> Ok, should have tested it better. This works fine on my machine,
>> though:
>> 
>> curs.execute(
>>     "select * from details where person_name like ?",
>>     ('%' + name + '%', )
>> )
>> 
>> Including all sorts of quotes, newlines, backslashes etc. in the name.
>> 
> I think his point was that any '%' characters inside name act like
> wildcards whereas his version looked for literal percents.
> 
> This could be an argument for having a utility function to escape the
> wildcards for this sort of situation, but certainly not an argument for
> his proposed QuoteSQL.

Why not? That is exactly one of the options my QuoteSQL offers.



More information about the Python-list mailing list