String substitution VS proper mysql escaping
cs at zip.com.au
Fri Aug 20 07:22:43 CEST 2010
On 19Aug2010 21:50, Nik Gr <nikos.the.gr33k at gmail.com> wrote:
| Στις 19/8/2010 6:58 μμ, ο/η Tim Chase έγραψε:
| >It can be written as a non-3-quote string, you just have to escape
| >the inner quotes (single & double) and the backslash to be seen:
| > name = 'My name is "Nikos" and I\'m from Thessaloniki\\Greece'
| > name = "My name is \"Nikos\" and I'm from Thessaloniki\\Greece"
| So if i enclose the string in double quotes the inner double quotes
| have to be escaped while
| if i enclose the string in single quotes the inner single quotes
| have to be escaped.
| But in 3-single-quoting thing became easier since i don't have to
| escape all kind of quotes right? just the backslashes.
Well, unless you have the misfortune to want three single quotes in a
row inside your 3-single-quoting string...
| Why does the page variable which is actually a string needs to be a
| tuple or a list and not just as a string which is what it actually
With regard to the "%" operator, it considers the string on the left to
be a format string with multiple %blah things in it to replace. The
thing on the right is a sequence of items to place into the format
So the thing on the right is _supposed_ to
| I have a strong desire to use it like this:
| cursor.execute( '''SELECT hits FROM counters WHERE page = %s''' , page )
| opposed to tuple.
Hmm. This isn't the python "%" format operator at all.
This is the database API's .execute() method.
If it expects its second argument to be a sequence of parameters
(which is does) then you need to supply a sequence of parameters.
It is that simple!
In you usage above you're supplying "page" instead of "(page,)".
The latter matches the .execute() method's requirements.
Cameron Simpson <cs at zip.com.au> DoD#743
The fabs of the future will be pressrooms.
- overhead by WIRED at the Intelligent Printing conference Oct2006
More information about the Python-list