DB-API execute params, am I missing something?

Lawrence D'Oliveiro ldo at geek-central.gen.new_zealand
Thu May 28 03:12:57 CEST 2009

In message <784h2cF1kem0kU1 at mid.uni-berlin.de>, Diez B. Roggisch wrote:

> Lawrence D'Oliveiro wrote:
>> In message <mailman.766.1243354300.8015.python-list at python.org>, Dennis
>> Lee Bieber wrote:
>>> Notice that db.literal() call? That's part of the mechanism used to
>>> escape and quote parameters -- it only returns strings that are safe for
>>> insertion into the SQL statement.
>> Does it deal with "like"-wildcards?
> Why shouldn't it?
> cursor.execute("select * from table where column like %s", "%name%")

What if the string you're searching for includes a "%" or "_" character?

More information about the Python-list mailing list