Path: csiph.com!usenet.pasdenom.info!aioe.org!news.stack.nl!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.043 X-Spam-Evidence: '*H*': 0.91; '*S*': 0.00; 'subject:code': 0.07; 'subject:error': 0.11; ':-)': 0.13; '"insert': 0.16; 'description)': 0.16; 'received:209.85.214.174': 0.21; 'header:In- Reply-To:1': 0.25; '(which': 0.26; 'values': 0.26; 'raw': 0.27; 'message-id:@mail.gmail.com': 0.27; "they'll": 0.29; 'included': 0.29; 'that.': 0.30; 'query': 0.30; 'quotes': 0.33; 'to:addr :python-list': 0.33; 'received:google.com': 0.34; 'wrong': 0.34; 'thanks': 0.34; 'direction': 0.35; 'received:209.85': 0.35; 'but': 0.36; 'received:209': 0.37; 'subject:: ': 0.38; 'to:addr:python.org': 0.39; 'received:209.85.214': 0.39; 'header:Received:5': 0.40; "you've": 0.61; 'str.': 0.91 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=EEwExoySemVfJ1YZZy4HXXlDKVT5+blccb6XHPf+Sdw=; b=NZQ6I73e0URQ2jUlid2mFgGPCSK/T306Wj+L6Vr6qOyPv5DOM7rwX4pnfhKqP2lehu qGoqFzf1YlWCjrVI4wCfkwi9gc8bzWWvVLZf2c3KU8XlhSAnSdx6H7UoFcCTPqZw3kt8 GRejBhxg1xGQhRRdhwOR765gOmwUCY23ybLqAQVqdM28Bd2YdKyUwzRwEPNtooduBQ4v uAx0Y+Up2xERCHX2gPUbX78Yl6HLZynRziVww7K1qWwuX3mK2LW9rTM1jQlwxs67wiEi pcRMg3hOym7X7rDdrmPSkyTJuYttuu+YGMl3izEt9iTdTSCT9ZbabuD8kF4tJrQICaq9 nsSQ== MIME-Version: 1.0 In-Reply-To: <50C6837D.9040307@mrabarnett.plus.com> References: <50C6837D.9040307@mrabarnett.plus.com> Date: Tue, 11 Dec 2012 02:05:38 +0100 Subject: Re: MySQLdb insert HTML code error From: Anatoli Hristov To: python-list@python.org Content-Type: text/plain; charset=UTF-8 X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 9 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1355187941 news.xs4all.nl 6861 [2001:888:2000:d::a6]:42571 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:34591 > You're using a parametrised query (which is good :-)), but you've included > quotes around the placeholders. There's no need to do that. They'll be > quoted automatically when necessary: > > sql = "INSERT INTO product_description (product_id, language_id, name, > description) VALUES (%s,%s,%s,%s)" Thanks a lot it woooorks. I was looking in the wrong direction (escape str. raw etc) Thanks again :-)