a question about mysqldb

Edwin.Madari at VerizonWireless.com Edwin.Madari at VerizonWireless.com
Thu Aug 14 20:30:23 CEST 2008


db module properly formats arguments, if input arguments are separated from table_name and colum_names.....

columns = ('tID', 'tNote')
table_name = 'tmp'
sql = 'select %s from %s where tID=:1' % ( ', '.join(columns), table_name)
cursor.execute(sql, (1,))

# sql is now 'select tID, tNote from tmp where tID=:1'
# note the comma in argument tuple to execute (1,)

thanks Edwin

-----Original Message-----
From: python-list-bounces+edwin.madari=verizonwireless.com at python.org
[mailto:python-list-bounces+edwin.madari=verizonwireless.com at python.org]
On Behalf Of Eric Wertman
Sent: Thursday, August 14, 2008 2:13 PM
To: python-list at python.org
Subject: Re: a question about mysqldb


I also like to use escaped identifiers in cases like this:

sql = "select tID,tNote from %s where %s = %%s" % ("tmp","tID")
cursor.execute(sql,1)

should work fine.
--
http://mail.python.org/mailman/listinfo/python-list


The information contained in this message and any attachment may be
proprietary, confidential, and privileged or subject to the work
product doctrine and thus protected from disclosure.  If the reader
of this message is not the intended recipient, or an employee or
agent responsible for delivering this message to the intended
recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited.
If you have received this communication in error, please notify me
immediately by replying to this message and deleting it and all
copies and backups thereof.  Thank you.





More information about the Python-list mailing list