Path: csiph.com!usenet.pasdenom.info!news.albasani.net!newsfeed.freenet.ag!news2.euro.net!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.000 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'syntax': 0.03; 'escape': 0.07; 'subject:code': 0.07; 'cursor': 0.09; 'name):': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'def': 0.10; 'subject:error': 0.11; 'dec': 0.15; 'producing': 0.15; 'properly': 0.15; 'adapter': 0.16; 'description)': 0.16; 'inserting': 0.16; 'received:80.91.229.3': 0.16; 'received:plane.gmane.org': 0.16; 'spec,': 0.16; 'code.': 0.20; 'parameters': 0.20; 'putting': 0.20; 'all,': 0.21; 'values': 0.26; 'header:X-Complaints-To:1': 0.28; 'skip:( 20': 0.28; '(since': 0.29; '+0100,': 0.29; 'facing': 0.29; 'statements': 0.29; "i'm": 0.29; 'error': 0.30; 'code': 0.31; 'could': 0.32; 'quotes': 0.33; 'url:home': 0.33; 'to:addr:python- list': 0.33; 'received:org': 0.36; 'but': 0.36; 'skip:m 40': 0.36; "didn't": 0.36; 'charset:us-ascii': 0.36; 'subject:: ': 0.38; 'to:addr:python.org': 0.39; 'header:Received:5': 0.40; 'help': 0.40; 'face': 0.61; 'first': 0.61; 'here': 0.65; 'insert,': 0.84; 'dennis': 0.91; 'received:108': 0.91 X-Injected-Via-Gmane: http://gmane.org/ To: python-list@python.org From: Dennis Lee Bieber Subject: Re: MySQLdb insert HTML code error Date: Tue, 11 Dec 2012 02:08:53 -0500 Organization: > Bestiaria Support Staff < References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Gmane-NNTP-Posting-Host: adsl-108-68-176-1.dsl.klmzmi.sbcglobal.net X-Newsreader: Forte Agent 3.3/32.846 X-No-Archive: YES X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 27 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1355209724 news.xs4all.nl 6938 [2001:888:2000:d::a6]:54714 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:34599 On Tue, 11 Dec 2012 01:04:44 +0100, Anatoli Hristov declaimed the following in gmane.comp.python.general: > Hi all, > > I'm facing an issue inserting an html code into the DB, it comes out > with a syntax error but I face it only when I have html code. Could > help me escape the error somehow ? > > Here is my code > > def InsertSpecsDB(product_id, spec, lang, name): > db = MySQLdb.connect("localhost","getit","opencart") > cursor = db.cursor() > sql = ("INSERT INTO product_description (product_id, language_id, > name, description) VALUES ('%s','%s','%s','%s')") First thing -- DON'T put quotes around the %s place-holders... The whole purpose of using the parameterized .execute() is to let the database adapter properly escape the parameters before putting them into the SQL (since MySQL didn't have prepared statements before v5, it was producing full SQL statements for each insert, even with .executemany() ) -- Wulfraed Dennis Lee Bieber AF6VN wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/