escape single and double quotes

Michael Pelz Sherman mpelzsherman at
Wed Oct 24 16:37:56 CEST 2007

Thanks Gabriel. You are correct - this is even documented in the MySQLdb User's Guide (, but it's certainly not intuitive, given how python string interpolation normally works.

Gabriel Genellina <gagsl-py2 at> wrote: En Tue, 23 Oct 2007 20:50:55 -0300, Michael Pelz Sherman  

> Leif B. Kristensen wrote:
>>>>  SQL = 'INSERT into TEMP data = %s'
>>>>  c.execute(SQL, """ text containing ' and ` and all other stuff we
>>> .  might
>>> .   read from the network""")
>>> Sure, but does this work if you need more than one placeholder?
>> Yes it works with more than one placeholder.
> Yes, BUT: I have found that all of the placeholders must be STRINGS!
> If I try to use other data types (%d, %f, etc.), I get an error:
> File "/usr/lib/python2.5/site-packages/MySQLdb/", line 149, in  
> execute
>     query = query % db.literal(args)
> TypeError: float argument required
> It's not a huge problem to convert my non-string args, but it
> seems like this should be fixed if it's a bug, no?

No. The *MARK* is always %s - but the data may be any type (suitable for  
the database column, of course).
The only purpose of %s is to say "insert parameter here". Other adapters  
use a question mark ? as a parameter placeholder, a lot less confusing, as  
it does not look like string interpolation.

Gabriel Genellina


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Python-list mailing list