Path: csiph.com!usenet.pasdenom.info!news.albasani.net!newsfeed.freenet.ag!news2.euro.net!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.009 X-Spam-Evidence: '*H*': 0.98; '*S*': 0.00; 'escape': 0.07; 'subject:code': 0.07; 'cc:addr:python-list': 0.10; 'subject:error': 0.11; 'producing': 0.15; 'properly': 0.15; 'adapter': 0.16; 'message-id:@unknownmsgid': 0.16; 'parameters': 0.20; 'putting': 0.20; 'cc:2**0': 0.23; 'cc:addr:python.org': 0.25; 'header:In-Reply-To:1': 0.25; '(since': 0.29; 'statements': 0.29; 'quotes': 0.33; 'received:google.com': 0.34; 'received:209.85': 0.35; "didn't": 0.36; 'thank': 0.36; 'received:209': 0.37; 'subject:: ': 0.38; 'first': 0.61; 'insert,': 0.84 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=references:in-reply-to:mime-version:from:date:message-id:subject:to :cc:content-type; bh=fr6ZRORY1fu3fpIaHEj19/AOhQ28p+3Mq5pHCol6Mjk=; b=irhsDVuNchJeeVkWkf36hiGPxIZXULbZS39wfsTY+/b07Z3AY3sGAmx5ROooZ1KwgG z3h6XV1uYyDcy5W1Dv6vJBLslmVxc9s4nAKUCYQ0DS1ODGGLlliJ/mPmoEaJHXSjHzOU 4zIafoCbXzkoOpf27nqgYa+FvnDvVbYOY5on7k0RrP35asMj2wIsWO6RLd7NkU4hbZqD D5+8kMd/KAi3LWiFo/UA8uR9gTJT1K7T9RdNWw+Vq4xKAxYvH+VaMLdIPJP+Q/kL0JsM dV7IYy9mlucsnX9rFoAmKjL4E2tfSUCu/E8rm9mmRVPqOw5jgEwiwBenodc5GCLc2zpL 9UFg== References: In-Reply-To: Mime-Version: 1.0 (1.0) From: Anatoli Hristov Date: Tue, 11 Dec 2012 08:41:27 +0100 Subject: Re: MySQLdb insert HTML code error To: Dennis Lee Bieber Content-Type: text/plain; charset=UTF-8 Cc: "python-list@python.org" X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 9 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1355211690 news.xs4all.nl 6853 [2001:888:2000:d::a6]:33381 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:34600 > > First thing -- DON'T put quotes around the %s place-holders... The > whole purpose of using the parameterized .execute() is to let the > database adapter properly escape the parameters before putting them into > the SQL (since MySQL didn't have prepared statements before v5, it was > producing full SQL statements for each insert, even with .executemany() > ) Thank you, this solved my problem.:)