[Tutor] pyodbc/date values in MS Access

Albert-Jan Roskam fomcl at yahoo.com
Wed Dec 15 11:37:06 CET 2010


I'm using pyodbc (Python 2.5) to insert records in an MS Access database. For 
security reasons, question marks should be used for string replacement [*]. The 
standard %s would make the code vulnerable to sql code injection. Problem is, 
string replacement in the Good Way somehow doesn't work when the values are 
dates. Below, snippet #1 does not work (Access says the inserted value is not 
consistent with the defined datatype), but #2 does. I tried various other ways 
(ie. DateValue, CDate, etc.) but none of them works. Is there a solution for 

[*] see http://code.google.com/p/pyodbc/wiki/GettingStarted --> under 

### 1
sql = "INSERT INTO tblSomeTable (myDate) VALUES (?);"
cursor.execute(sql, "#01/01/2010#")

### 2
sql = "INSERT INTO tblSomeTable (myDate) VALUES (%s);"
cursor.execute(sql % "#01/01/2010#")


All right, but apart from the sanitation, the medicine, education, wine, public 
order, irrigation, roads, a fresh water system, and public health, what have the 
Romans ever done for us?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/tutor/attachments/20101215/307152fe/attachment.html>

More information about the Tutor mailing list