String substitution VS proper mysql escaping

Cameron Simpson cs at
Fri Aug 20 07:22:43 CEST 2010

On 19Aug2010 21:50, Nik Gr <nikos.the.gr33k at> wrote:
|  Στις 19/8/2010 6:58 μμ, ο/η Tim Chase έγραψε:
| >It can be written as a non-3-quote string, you just have to escape
| >the inner quotes (single & double) and the backslash to be seen:
| >
| >  name = 'My name is "Nikos" and I\'m from Thessaloniki\\Greece'
| >  name = "My name is \"Nikos\" and I'm from Thessaloniki\\Greece"
| So if i enclose the string in double quotes the inner double quotes
| have to be escaped while
| if i enclose the string in single quotes the inner single quotes
| have to be escaped.
| But in 3-single-quoting thing became easier since i don't have to
| escape all kind of quotes right? just the backslashes.

Well, unless you have the misfortune to want three single quotes in a
row inside your 3-single-quoting string...

| Why does the page variable which is actually a string needs to be a
| tuple or a list and not just as a string which is what it actually
| is?

With regard to the "%" operator, it considers the string on the left to
be a format string with multiple %blah things in it to replace. The
thing on the right is a sequence of items to place into the format

So the thing on the right is _supposed_ to 

| I have a strong desire to use it like this:
| cursor.execute( '''SELECT hits FROM counters WHERE page = %s''' , page )
| opposed to tuple.

Hmm. This isn't the python "%" format operator at all.
This is the database API's .execute() method.
If it expects its second argument to be a sequence of parameters
(which is does) then you need to supply a sequence of parameters.
It is that simple!

In you usage above you're supplying "page" instead of "(page,)".
The latter matches the .execute() method's requirements.
Cameron Simpson <cs at> DoD#743

The fabs of the future will be pressrooms.
- overhead by WIRED at the Intelligent Printing conference Oct2006

More information about the Python-list mailing list