String substitution VS proper mysql escaping
MRAB
python at mrabarnett.plus.com
Thu Aug 19 15:49:32 EDT 2010
Nik Gr wrote:
[snip]
> Why does the page variable which is actually a string needs to be a
> tuple or a list and not just as a string which is what it actually is?
> I have a strong desire to use it like this:
>
> cursor.execute( '''SELECT hits FROM counters WHERE page = %s''' , page )
>
> opposed to tuple. Would i might facing a problem? Of what? MySQLdb
> instead of give the whole value to the placeholder to give just a single
> char?
When there's more than one value you provide a tuple. It's makes sense
from the point of view of consistency that you also provide a tuple when
there's only one value.
> Also do i need 3-single-quoting here as well or it can be written qith
> signle/double quotes?
> What appleis to strings apply to mysql queries as well?
>
It's just a normal string literal.
More information about the Python-list
mailing list