problem with quoted strings while inserting into varchar field of database.

Stefan Sonnenberg-Carstens stefan.sonnenberg at pythonmeister.com
Mon May 7 10:35:07 EDT 2007


On Mo, 7.05.2007, 16:26, Daniele Varrazzo wrote:
>> >> >> >     cur.execute("INSERT INTO datatable (data) VALUES (%s);",
>> >> >> > (pickled_data,))
>
>> %s is not a placeholder IMHO.
>
>> What happens when using %s is, that the string given will be inserted
>> where
>> %s is; that is something python does as with every print or such.
>
> It is indeed. The behavior you describe would be true if i had used
> the "%" operator. Read better what i have written: There is no "%"
> operator.
>
> cur.execute() receives 2 parameters: a SQL string with placeholders
> and a tuple with values: it's not me mangling values into the SQL
> string. This is the driver responsibility and it has the chance
> because it receives SQL and values as two distinct parameters. The
> driver can ask the SQL string to contain placeholders either in qmark
> "?" or in format "%s" style, but there is no functional difference.
> Notice that the placeholder is always "%s" and not "%d" or "%f" for
> integers or float: there is always an escaping phase converting each
> python object into a properly encoded string and then the placeholders
> are replaced with the value. This happens into the execute()
> machinery.
>
>> By using the qmark style, it is up the the implementation of the
>> cursor.execute method to decide what to do. python itself, and it's
>> string
>> implementation, don't know anything to do with the qmark.
>> So, IMHO it *makes* a difference:
>> with %s the execute function sees a string and nothing more as the
>> parameters are consumed away by the % substitution.
>> with ?, the execute implementation must do it's best, it gets a string
>> and
>> a list/tuple with values.
>
> Again, this would be true for "cur.execute(sql % data)": what i wrote
> is "cur.execute(sql, data)".
>
> -- Daniele
>
> --
> http://mail.python.org/mailman/listinfo/python-list
>
>
Ashes on my head.




More information about the Python-list mailing list