DB-API execute params, am I missing something?

Teguh Iskanto tiskanto at gmail.com
Thu May 28 02:32:10 EDT 2009


On Thu, May 28, 2009 at 11:12 AM, Lawrence D'Oliveiro
<ldo at geek-central.gen.new_zealand> wrote:

> In message <784h2cF1kem0kU1 at mid.uni-berlin.de>, Diez B. Roggisch wrote:
>
> > Lawrence D'Oliveiro wrote:
> >
> >> In message <mailman.766.1243354300.8015.python-list at python.org>, Dennis
> >> Lee Bieber wrote:
> >>
> >>> Notice that db.literal() call? That's part of the mechanism used to
> >>> escape and quote parameters -- it only returns strings that are safe
> for
> >>> insertion into the SQL statement.
> >>
> >> Does it deal with "like"-wildcards?
> >
> > Why shouldn't it?
> >
> > cursor.execute("select * from table where column like %s", "%name%")
>
> What if the string you're searching for includes a "%" or "_" character?
>
> --
> http://mail.python.org/mailman/listinfo/python-list
>

>>> A="0"
>>> B="%"
>>>
>>> print "select * from test_table where a like '%%%s%%' " %A
select * from test_table where a like '%0%'
>>>
>>> print "select * from test_table where a like '%%%s%%' " %B
select * from test_table where a like '%%%'
>>>

HTH
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20090528/2b622c91/attachment.html>


More information about the Python-list mailing list