escape single and double quotes
Michael Pelz Sherman
mpelzsherman at yahoo.com
Wed Oct 24 16:37:56 CEST 2007
Thanks Gabriel. You are correct - this is even documented in the MySQLdb User's Guide (http://mysql-python.sourceforge.net/MySQLdb.html), but it's certainly not intuitive, given how Python string interpolation normally works.
Gabriel Genellina <gagsl-py2 at yahoo.com.ar> wrote:
On Tue, 23 Oct 2007 20:50:55 -0300, Michael Pelz Sherman
> Leif B. Kristensen wrote:
>>>> SQL = 'INSERT into TEMP data = %s'
>>>> c.execute(SQL, """ text containing ' and ` and all other stuff we
>>> . might
>>> . read from the network""")
>>> Sure, but does this work if you need more than one placeholder?
>> Yes it works with more than one placeholder.
> Yes, BUT: I have found that all of the placeholders must be STRINGS!
> If I try to use other data types (%d, %f, etc.), I get an error:
> File "/usr/lib/python2.5/site-packages/MySQLdb/cursors.py", line 149, in
> query = query % db.literal(args)
> TypeError: float argument required
> It's not a huge problem to convert my non-string args, but it
> seems like this should be fixed if it's a bug, no?
No. The *MARK* is always %s - but the data may be any type (suitable for
the database column, of course).
The only purpose of %s is to say "insert parameter here". Other adapters
use a question mark ? as a parameter placeholder, a lot less confusing, as
it does not look like string interpolation.
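
An added example, not part of the original thread: it shows why only the `%s` marker survives the `query % db.literal(args)` step from the traceback, and how a driver with `?` placeholders binds quoted text and non-string values unchanged. `to_sql_literal` is a hypothetical, simplified stand-in for the driver's literal conversion, the table and column names are constructed, and `sqlite3` is used only because it is a standard-library DB-API driver with `?` markers.

```python
import sqlite3

def to_sql_literal(value):
    # Hypothetical, simplified stand-in for the driver's db.literal() step:
    # every argument, whatever its Python type, comes back as a *string*.
    # It illustrates the type mechanics only; it is not an escaping routine to reuse.
    if isinstance(value, (int, float)):
        return repr(value)
    return "'" + str(value).replace("'", "''") + "'"

def render_format_style(query, args):
    # Mirrors the traceback line `query = query % db.literal(args)`.
    return query % tuple(to_sql_literal(a) for a in args)

def marker_accepts(marker, value):
    # True if a query using this marker survives the % step for this value.
    try:
        render_format_style("INSERT INTO temp_data (v) VALUES (" + marker + ")", (value,))
        return True
    except TypeError:
        # %d / %f receive the already-converted string, not a number.
        return False

def roundtrip(label, qty, price):
    # '?' placeholders: values are bound by the driver, not interpolated,
    # so quotes need no escaping and non-string types arrive unchanged.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE temp_data (label TEXT, qty INTEGER, price REAL)")
    con.execute("INSERT INTO temp_data (label, qty, price) VALUES (?, ?, ?)",
                (label, qty, price))
    row = con.execute("SELECT label, qty, price FROM temp_data").fetchone()
    con.close()
    return row

# Constructed sample input containing single, double and back quotes.
SAMPLE = ("""text containing ' and " and `""", 3, 2.5)

if __name__ == "__main__":
    print(marker_accepts("%s", 2.5))
    print(marker_accepts("%f", 2.5))
    print(roundtrip(*SAMPLE))
```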