formating query with empty parameter

Aahz aahz at pythoncraft.com
Fri May 29 14:44:14 CEST 2009


In article <mailman.717.1243258005.8015.python-list at python.org>,
Tim Chase  <python.list at tim.thechases.com> wrote:
>
>To stave off this problem, I often use:
>
>   values = [
>    data['a'],
>    data['b'],
>    data['c'],
>    data['d'],
>    data['e'],
>    data['f'],
>    data['g'],
>    ]
>   params = ', '.join('%s' for _ in values)
>   query = """
>     BEGIN;
>       INSERT INTO table
>         (a,b,c,d,e,f,g)
>       VALUES (%s);
>     COMMIT;
>     """ % params
>   self.db.execute(query, values)

How do you handle correct SQL escaping?
-- 
Aahz (aahz at pythoncraft.com)           <*>         http://www.pythoncraft.com/

my-python-code-runs-5x-faster-this-month-thanks-to-dumping-$2K-
    on-a-new-machine-ly y'rs  - tim



More information about the Python-list mailing list