DB-API execute params, am I missing something?

Lawrence D'Oliveiro ldo at geek-central.gen.new_zealand
Thu May 28 03:12:57 CEST 2009


In message <784h2cF1kem0kU1 at mid.uni-berlin.de>, Diez B. Roggisch wrote:

> Lawrence D'Oliveiro wrote:
> 
>> In message <mailman.766.1243354300.8015.python-list at python.org>, Dennis
>> Lee Bieber wrote:
>> 
>>> Notice that db.literal() call? That's part of the mechanism used to
>>> escape and quote parameters -- it only returns strings that are safe for
>>> insertion into the SQL statement.
>> 
>> Does it deal with "like"-wildcards?
> 
> Why shouldn't it?
> 
> cursor.execute("select * from table where column like %s", "%name%")

What if the string you're searching for includes a "%" or "_" character?




More information about the Python-list mailing list