Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #3538
| References | <4dabf65a$0$18250$4fafbaef@reader2.news.tin.it> <4DABF9F8.2020609@timgolden.me.uk> <ioj65v$1j7$1@dough.gmane.org> |
|---|---|
| Date | 2011-04-19 15:31 +1000 |
| Subject | Re: strange use of %s |
| From | Chris Angelico <rosuav@gmail.com> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.546.1303191107.9059.python-list@python.org> (permalink) |
On Tue, Apr 19, 2011 at 3:22 PM, Dennis Lee Bieber <wlfraed@ix.netcom.com> wrote: > On Mon, 18 Apr 2011 09:44:40 +0100, Tim Golden <mail@timgolden.me.uk> > declaimed the following in gmane.comp.python.general: > > >> sql = "SELECT ... WHERE name LIKE '%' + ? + '%'" >> q = db.cursor () >> q.execute (sql, [response]) >> > That won't work properly either (at least not in MySQLdb -- which > quotes the values put into the placeholder; you'd end up with > '%''value''%' You'd end up with "... LIKE '%' + 'value' + '%'" which is perhaps overkill (it forces the database engine to concatenate three strings), but at least it's safe. Chris Angelico
Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
strange use of %s Tracubik <affdfsdfdsfsd@b.com> - 2011-04-18 08:29 +0000
Re: strange use of %s Tim Golden <mail@timgolden.me.uk> - 2011-04-18 09:44 +0100
Re: strange use of %s John Nagle <nagle@animats.com> - 2011-04-25 15:01 -0700
Re: strange use of %s Chris Angelico <rosuav@gmail.com> - 2011-04-26 08:10 +1000
Re: strange use of %s Chris Angelico <rosuav@gmail.com> - 2011-04-18 18:50 +1000
Re: strange use of %s Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2011-04-18 22:22 -0700
Re: strange use of %s Chris Angelico <rosuav@gmail.com> - 2011-04-19 15:31 +1000
Re: strange use of %s Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2011-04-19 21:01 -0700
csiph-web