Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.lang.python > #34590

Re: MySQLdb insert HTML code error

Date 2012-12-11 00:51 +0000
From MRAB <python@mrabarnett.plus.com>
Subject Re: MySQLdb insert HTML code error
References <CAKhY55Nfq7+CsjqrksdGYxODNYUvBSowXQYjZ6-FzxQeOgBnUQ@mail.gmail.com>
Newsgroups comp.lang.python
Message-ID <mailman.702.1355187064.29569.python-list@python.org> (permalink)

Show all headers | View raw


On 2012-12-11 00:04, Anatoli Hristov wrote:
> Hi all,
>
> I'm facing an issue inserting an html code into the DB, it comes out
> with a syntax error but I face it only when I have html code. Could
> help me escape the error somehow ?
>
> Here is my code
>
> def InsertSpecsDB(product_id, spec, lang, name):
>      db = MySQLdb.connect("localhost","getit","opencart")
>      cursor = db.cursor()
>      sql = ("INSERT INTO product_description (product_id, language_id,
> name, description) VALUES ('%s','%s','%s','%s')")
>      params = (product_id, lang, name, spec)
>      cursor.execute(sql, params)
>      id = cursor.lastrowid
>      print"Updated ID %s description %s" %(int(id), lang)
>      return id
>
You're using a parametrised query (which is good :-)), but you've included
quotes around the placeholders. There's no need to do that. They'll be
quoted automatically when necessary:

sql = "INSERT INTO product_description (product_id, language_id, name, 
description) VALUES (%s,%s,%s,%s)"

Back to comp.lang.python | Previous | Next | Find similar | Unroll thread


Thread

Re: MySQLdb insert HTML code error MRAB <python@mrabarnett.plus.com> - 2012-12-11 00:51 +0000

csiph-web