[Tutor] String with literal %s
Toni Fuente
tonifuente at yahoo.co.uk
Thu Mar 20 18:34:31 CET 2014
* Alex Kleider <akleider at sonic.net> [2014-03-20 09:02:41 -0700]:
> On 2014-03-20 07:46, Toni Fuente wrote:
> >Hi again,
> >
> >I am trying to create a string this way:
> >
> >insertion = "INSERT INTO mytable(week %s) VALUES (\%s, \%s)" %
> >osStringI
> >
> >not enough arguments for format string
> >
> >Where the first %s is going to be substitute by the variable osStringI,
> >but the other two VALUES (\%s, \%s), should be created as literals
> >'%s'.
> >
> >How can I do that?
> >
> >Regards,
>
>
> Would
> insertion = "INSERT INTO mytable(week %s) VALUES (\%s, \%s)" %
> (osStringI, literal1, literal2, )
> not work? ..assuming you have first created the two literals, if I
> understand you correctly.
> .. although I understand that this type of string formatting in the
> SQL context exposes one to security vulnerabilities if there is the
> potential for data to be coming from potentially unfriendly parties.
Hi Alex,
What I was trying to find is what Alan Gauld has
suggested the literal %s, %s.
Security at this point is not a concern, is just a python exercise.
Thank you anyway :-)
--
Toni
I poured spot remover on my dog. Now he's gone.
-- Steven Wright
More information about the Tutor
mailing list