[Tutor] escape-quoting strings
marilyn at deliberate.com
Mon Nov 1 06:32:47 CET 2004
On Sun, 31 Oct 2004, Lloyd Kvam wrote:
> On Sun, 2004-10-31 at 18:06, Marilyn Davis wrote:
> > I got it!!
> > This works:
> > ad0 = address.replace('\\', '\\\\')
> > ad0 = ad0.replace('\"','\\"')
> > db_style0 = '''%%%s%%''' % ad0
> > print "0:", db_style0
> > On Sun, 31 Oct 2004, Rick Pasotto wrote:
> > > On Sun, Oct 31, 2004 at 01:53:42PM -0800, Marilyn Davis wrote:
> > > > Hi Python Tutors,
> > > >
> > > > I'm having a devil of a time quoting strings properly for MySql.
> > >
> > > You example did not include any MySql statements. How are you sending
> > > the string to MySql?
> > I didn't want to complicate my question with MySql stuff.
> > Here is a successful call that depended on the quoting scheme above:
> > insert ignore into doorman (in_id, msg_id, out_address, status, start) values (60, "1COOZD-0003KN-2z", "\"Toys \\\"R\\\" Us Gift Card Giveaway\" <fqgdmvfjfyvjd at dlawczhyh.montebic.com>", "NO_MESSAGE", "0")
> Your real MySQL code was omitted. I'll assume a cursor named curs.
> curs.execute(sql_cmd, parameters)
Oh, I have a method wrapped around it to throw meaningful exceptions,
and then that's in a class that maintains the connection.
> is the general format for executing an SQL statement. With MySQL the
> parameter positions are marked with %s - so it looks like string
> interpolation. Parameters is a tuple of variables that need to be
> inserted into the sql_cmd at the positions marked by %s. DO NOT USE
> PYTHON string interpolation. Let the MySQLdb module do it.
Wow. I had no idea that this was available. I did it all wrong. I
just did a little test and it is totally cool.
> For your situation:
> sql_cmd = '''insert ignore into doorman (in_id, msg_id, out_address,
> status, start) values (60, "1COOZD-0003KN-2z", %s, "NO_MESSAGE", "0")'''
> parameters = (address, )
> There is no need to change the incoming string value to be able to feed
> it into the database.
> The Python DBI documentation does not discuss this clearly enough. I
> made the same mistake in some of my first DBI programs.
I don't see it in the documentation for MySQLdb at all! Should I be
looking somewhere else?
How did you learn this?
I wish I knew this a few months ago. Where have you been?? ;^)
> > Thank you.
> > Marilyn
> > _______________________________________________
> > Tutor maillist - Tutor at python.org
> > http://mail.python.org/mailman/listinfo/tutor
More information about the Tutor