Good answer. Using the c.execute(command,parameter) solves my problem. On Wednesday, July 25, 2012 8:49:07 PM UTC-4, Dennis Lee Bieber wrote: > > On Wed, 25 Jul 2012 14:40:04 -0700 (PDT), fanchyna <fanch...@gmail.com> > declaimed the following in gmane.comp.python.django.user: > > > > > > import os > > > import runconfig #configuration file > > > os.environ['DJANGO_SETTINGS_MODULE'] = > runconfig.django_settings_module > > > from django.db import connection,transaction > > > c = connection.cursor() > > > url = > > > " > http://www.academicjournals.org/ijps/PDF/pdf2011/18mar/G%C3%B3mez-Berb%C3%ADs > > > et al.pdf" > > > > > > dbquery = "INSERT INTO main_crawl_document SET url="+url > > > c.execute(dbquery) > > > transaction.commit_unless_managed() > > > ONE: That is not a valid SQL statement for INSERT or UPDATE ... > > INSERT INTO table (fieldlist) VALUES (valuelist) > UPDATE table SET field = value WHERE key=identifier > > TWO: NEVER build up your query by hand, USE the DB-API parameter > system to safely quote parameters... > > dbquery = "insert into main_crawl_document (url-or-whatever-field) > values (%s)" > c.execute(dbquery, url) > > {note: MySQLdb uses %s for the placeholder, SQLite3 uses ? for > placeholder, other RDBMs could use other syntax -- removing these > concerns is one goal of using RDBM-agnostic ORM systems} > -- > Wulfraed Dennis Lee Bieber AF6VN > wlfr...@ix.netcom.com HTTP://wlfraed.home.netcom.com/ > >
-- You received this message because you are subscribed to the Google Groups "Django users" group. To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/JtYsj-B9GTsJ. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.