[DB-SIG] Re: [Tutor] mysql formatting

Andy Dustman farcepest at gmail.com
Wed Nov 3 22:46:27 CET 2004

On Wed, 03 Nov 2004 15:41:52 -0500, Lloyd Kvam <pythontutor at venix.com> wrote:
> I checked our programming.  We add the %  for like to the parameter!

1) Use %s for all parameter placeholders, regardless of type.

1a) You can use %(key)s for a placeholder if you pass a dictionary as
the parameters.

2) Do not put additional quotes around the placeholder.

3) Do not use placeholders for things like table or column names; they
only work for column values.

4) If you use % anywhere in your query (i.e. x LIKE 'foo%'), you must
double it (%%, i.e. x LIKE 'foo%%'); it is not necessary to do this to
your parameter values.


Computer interfaces should never be made of meat.

More information about the Tutor mailing list