Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!aioe.org!feeder.news-service.com!newsfeed.xs4all.nl!newsfeed5.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.000 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; '(at': 0.03; '+0100,': 0.07; 'nasty': 0.07; '(it': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:80.91.229.12': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'received:lo.gmane.org': 0.09; 'pm,': 0.11; 'wrote:': 0.14; '"...': 0.16; 'ah...': 0.16; 'bieber': 0.16; 'declaimed': 0.16; 'email addr:ix.netcom.com': 0.16; 'email name:wlfraed': 0.16; 'from:addr:ix.netcom.com': 0.16; 'from:addr:wlfraed': 0.16; 'from:name:dennis lee bieber': 0.16; 'received:dsl.mindspring.com': 0.16; 'received:mindspring.com': 0.16; 'received:wlfraed': 0.16; 'url:netcom': 0.16; 'url:wlfraed': 0.16; 'wearing': 0.16; 'wulfraed': 0.16; 'tend': 0.16; 'tue,': 0.20; 'lee': 0.22; 'mon,': 0.22; 'values': 0.23; 'properly': 0.25; 'url:home': 0.25; 'chris': 0.27; 'string': 0.29; 'least': 0.30; "won't": 0.30; 'perhaps': 0.32; 'to:addr:python-list': 0.32; '...': 0.32; 'header:X-Complaints-To:1': 0.34; 'put': 0.35; 'forces': 0.35; 'quotes': 0.35; 'subject:use': 0.35; 'think': 0.36; 'either': 0.37; 'apr': 0.38; 'but': 0.38; 'database': 0.38; 'received:org': 0.38; 'tim': 0.39; 'end': 0.39; 'to:addr:python.org': 0.39; 'where': 0.39; 'header:Mime- Version:1': 0.39; "it's": 0.40; 'header:Received:5': 0.40; '2011': 0.62; 'engine': 0.67; 'dennis': 0.68; 'golden': 0.68; 'concatenate': 0.84; 'safe.': 0.95 X-Injected-Via-Gmane: http://gmane.org/ To: python-list@python.org From: Dennis Lee Bieber Subject: Re: strange use of %s Date: Tue, 19 Apr 2011 21:01:48 -0700 Organization: > Bestiaria Support Staff < References: <4dabf65a$0$18250$4fafbaef@reader2.news.tin.it> <4DABF9F8.2020609@timgolden.me.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Gmane-NNTP-Posting-Host: user-3cf84ob.dsl.mindspring.com X-Newsreader: Forte Agent 3.3/32.846 X-No-Archive: YES X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 30 NNTP-Posting-Host: 82.94.164.166 X-Trace: 1303272133 news.xs4all.nl 41102 [::ffff:82.94.164.166]:55488 X-Complaints-To: abuse@xs4all.nl Xref: x330-a1.tempe.blueboxinc.net comp.lang.python:3647 On Tue, 19 Apr 2011 15:31:44 +1000, Chris Angelico declaimed the following in gmane.comp.python.general: > On Tue, Apr 19, 2011 at 3:22 PM, Dennis Lee Bieber > wrote: > > On Mon, 18 Apr 2011 09:44:40 +0100, Tim Golden > > declaimed the following in gmane.comp.python.general: > > > > > >>    sql = "SELECT ... WHERE name LIKE '%' + ? + '%'" > >>    q = db.cursor () > >>    q.execute (sql, [response]) > >> > >        That won't work properly either (at least not in MySQLdb -- which > > quotes the values put into the placeholder; you'd end up with > >        '%''value''%' > > You'd end up with "... LIKE '%' + 'value' + '%'" which is perhaps > overkill (it forces the database engine to concatenate three strings), > but at least it's safe. > Ah... must have been wearing the wrong glasses at the time and overlooked that the +s were /in/ the SQL statement... I tend not to think of string concatenation in SQL... So end up with the nasty pre-wrapping I showed. -- Wulfraed Dennis Lee Bieber AF6VN wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/