Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.lang.python > #34590 > unrolled thread

Re: MySQLdb insert HTML code error

Started byMRAB <python@mrabarnett.plus.com>
First post2012-12-11 00:51 +0000
Last post2012-12-11 00:51 +0000
Articles 1 — 1 participant

Back to article view | Back to comp.lang.python

This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.


Contents

  Re: MySQLdb insert HTML code error MRAB <python@mrabarnett.plus.com> - 2012-12-11 00:51 +0000

#34590 — Re: MySQLdb insert HTML code error

FromMRAB <python@mrabarnett.plus.com>
Date2012-12-11 00:51 +0000
SubjectRe: MySQLdb insert HTML code error
Message-ID<mailman.702.1355187064.29569.python-list@python.org>
On 2012-12-11 00:04, Anatoli Hristov wrote:
> Hi all,
>
> I'm facing an issue inserting an html code into the DB, it comes out
> with a syntax error but I face it only when I have html code. Could
> help me escape the error somehow ?
>
> Here is my code
>
> def InsertSpecsDB(product_id, spec, lang, name):
>      db = MySQLdb.connect("localhost","getit","opencart")
>      cursor = db.cursor()
>      sql = ("INSERT INTO product_description (product_id, language_id,
> name, description) VALUES ('%s','%s','%s','%s')")
>      params = (product_id, lang, name, spec)
>      cursor.execute(sql, params)
>      id = cursor.lastrowid
>      print"Updated ID %s description %s" %(int(id), lang)
>      return id
>
You're using a parametrised query (which is good :-)), but you've included
quotes around the placeholders. There's no need to do that. They'll be
quoted automatically when necessary:

sql = "INSERT INTO product_description (product_id, language_id, name, 
description) VALUES (%s,%s,%s,%s)"

[toc] | [standalone]


Back to top | Article view | comp.lang.python


csiph-web