[Tutor] String with literal %s
Alex Kleider
akleider at sonic.net
Thu Mar 20 17:02:41 CET 2014
On 2014-03-20 07:46, Toni Fuente wrote:
> Hi again,
>
> I am trying to create a string this way:
>
> insertion = "INSERT INTO mytable(week %s) VALUES (\%s, \%s)" % osStringI
>
> not enough arguments for format string
>
> Where the first %s is going to be substituted by the variable osStringI,
> but the other two VALUES (\%s, \%s), should be created as literals
> '%s'.
>
> How can I do that?
>
> Regards,
Would
insertion = "INSERT INTO mytable(week %s) VALUES (\%s, \%s)" % (osStringI, literal1, literal2, )
not work? ..assuming you have first created the two literals, if I
understand you correctly.
.. although I understand that this type of string formatting in the SQL
context exposes one to security vulnerabilities if there is the
potential for data to be coming from potentially unfriendly parties.
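An added example, not part of the original message: one way to keep literal %s placeholders in the template while avoiding the injection risk mentioned above, by doubling the percent signs, checking the interpolated column name against an allowlist, and leaving the values to the driver's parameter binding. The table layout, the column allowlist and the function names are assumptions made for illustration, and sqlite3 (which uses ? placeholders) stands in for the poster's database so the example runs offline.

```python
import sqlite3

# Assumed column allowlist; the thread never shows the table's real layout.
ALLOWED_COLUMNS = {"linux", "windows", "solaris"}


def build_insert(column, placeholder="%s"):
    """Return an INSERT template with the driver placeholders left intact."""
    # Identifiers cannot be bound as parameters, so check them against a
    # fixed allowlist before they reach the SQL text.
    if column not in ALLOWED_COLUMNS:
        raise ValueError("unexpected column name: %r" % (column,))
    if placeholder == "%s":
        # "%%s" survives the % operator as a literal "%s", which drivers with
        # paramstyle "format" or "pyformat" then fill in themselves.
        return "INSERT INTO mytable(week, %s) VALUES (%%s, %%s)" % column
    # sqlite3 uses "?" placeholders, which need no escaping.
    return "INSERT INTO mytable(week, %s) VALUES (?, ?)" % column


def demo():
    """Insert a constructed hostile value through parameter binding."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE mytable (week INTEGER, linux TEXT, windows TEXT, solaris TEXT)"
    )
    sql = build_insert("linux", placeholder="?")
    # Constructed sample input: bound as a parameter, it is stored as data
    # and never parsed as SQL.
    hostile = "x'); DROP TABLE mytable; --"
    conn.execute(sql, (12, hostile))
    rows = conn.execute("SELECT week, linux FROM mytable").fetchall()
    conn.close()
    return rows


if __name__ == "__main__":
    print(build_insert("linux"))
    print(demo())
```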