formatting query with empty parameter
Aahz
aahz at pythoncraft.com
Fri May 29 08:44:14 EDT 2009
In article <mailman.717.1243258005.8015.python-list at python.org>,
Tim Chase <python.list at tim.thechases.com> wrote:
>
>To stave off this problem, I often use:
>
>   values = [
>     data['a'],
>     data['b'],
>     data['c'],
>     data['d'],
>     data['e'],
>     data['f'],
>     data['g'],
>     ]
>   params = ', '.join('%s' for _ in values)
>   query = """
>     BEGIN;
>     INSERT INTO table
>       (a,b,c,d,e,f,g)
>     VALUES (%s);
>     COMMIT;
>     """ % params
>   self.db.execute(query, values)

How do you handle correct SQL escaping?
--
Aahz (aahz at pythoncraft.com) <*> http://www.pythoncraft.com/
my-python-code-runs-5x-faster-this-month-thanks-to-dumping-$2K-
on-a-new-machine-ly y'rs - tim
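
Added illustration, not part of either poster's message: in the quoted pattern only the placeholders are formatted into the SQL text, while the values are passed to execute() separately and bound by the driver. The sketch uses the standard-library sqlite3 module as a stand-in driver (its placeholder is ? where the quoted code uses %s); the table name items, ALLOWED_COLUMNS and the sample row are constructed for the example.

```python
import sqlite3

# Assumption: sqlite3 stands in for the unnamed driver in the quoted code.
# It uses the "qmark" paramstyle (?); the quoted code's driver uses "format" (%s).
ALLOWED_COLUMNS = ("a", "b", "c", "d", "e", "f", "g")  # hypothetical schema


def build_insert(table, columns):
    """Return an INSERT statement with one driver placeholder per column.

    Only identifiers are formatted into the SQL text, and only after an
    allowlist check, because identifiers cannot be bound as parameters.
    """
    if table != "items" or any(c not in ALLOWED_COLUMNS for c in columns):
        raise ValueError("unexpected identifier")
    placeholders = ", ".join("?" for _ in columns)
    return "INSERT INTO %s (%s) VALUES (%s)" % (
        table, ", ".join(columns), placeholders)


def insert_row(conn, data):
    """Insert the allowed keys of data; values are bound, never formatted in."""
    columns = [c for c in ALLOWED_COLUMNS if c in data]
    values = [data[c] for c in columns]
    conn.execute(build_insert("items", columns), values)


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (a, b, c, d, e, f, g)")
    # Constructed sample row: quote characters, an empty string and None.
    row = {"a": "O'Reilly", "b": "", "c": None, "d": "semi; -- dash",
           "e": 5, "f": 1.5, "g": "plain"}
    insert_row(conn, row)
    stored = conn.execute("SELECT a, b, c, d, e, f, g FROM items").fetchall()
    conn.close()
    return stored


if __name__ == "__main__":
    print(demo())
```

The row comes back byte-for-byte as supplied, including the quote, the empty string and None (stored as NULL), without any manual escaping.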