strange use of %s
rosuav at gmail.com
Tue Apr 19 07:31:44 CEST 2011
On Tue, Apr 19, 2011 at 3:22 PM, Dennis Lee Bieber
<wlfraed at ix.netcom.com> wrote:
> On Mon, 18 Apr 2011 09:44:40 +0100, Tim Golden <mail at timgolden.me.uk>
> declaimed the following in gmane.comp.python.general:
>> sql = "SELECT ... WHERE name LIKE '%' + ? + '%'"
>> q = db.cursor ()
>> q.execute (sql, [response])
> That won't work properly either (at least not in MySQLdb -- which
> quotes the values put into the placeholder; you'd end up with
You'd end up with "... LIKE '%' + 'value' + '%'" which is perhaps
overkill (it forces the database engine to concatenate three strings),
but at least it's safe.
More information about the Python-list