[Tutor] pyodbc/date values in MS Access
Albert-Jan Roskam
fomcl at yahoo.com
Wed Dec 15 11:37:06 CET 2010
Hi,
I'm using pyodbc (Python 2.5) to insert records in an MS Access database. For
security reasons, question marks should be used for string replacement [*]. The
standard %s would make the code vulnerable to sql code injection. Problem is,
string replacement in the Good Way somehow doesn't work when the values are
dates. Below, snippet #1 does not work (Access says the inserted value is not
consistent with the defined datatype), but #2 does. I tried various other ways
(ie. DateValue, CDate, etc.) but none of them works. Is there a solution for
this?
[*] see http://code.google.com/p/pyodbc/wiki/GettingStarted --> under
'Parameters'
### 1
sql = "INSERT INTO tblSomeTable (myDate) VALUES (?);"
cursor.execute(sql, "#01/01/2010#")
### 2
sql = "INSERT INTO tblSomeTable (myDate) VALUES (%s);"
cursor.execute(sql % "#01/01/2010#")
Cheers!!
Albert-Jan
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
All right, but apart from the sanitation, the medicine, education, wine, public
order, irrigation, roads, a fresh water system, and public health, what have the
Romans ever done for us?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/tutor/attachments/20101215/307152fe/attachment.html>
More information about the Tutor
mailing list