Lawrence D'Oliveiro <[EMAIL PROTECTED]> wrote:
> In message <[EMAIL PROTECTED]>, Duncan Booth wrote:
>> Deary me. Did you actually test out that bit of code before you
>> posted it?
>
>>>> execfile("QuoteSQL.py")
>>>> EscapeSQLWild(r"\%")
> '\\\\%'
>>>> SQLString("%" + EscapeSQLWild(r"\%") + "%")
> '"%\\\\\\\\%%"'
>>>> EscapeSQLWild(r"\%") == r"\\%"
> True
>>>> SQLString("%" + EscapeSQLWild(r"\%") + "%") == r'"%\\\\%%"'
> True
>
Ah, so that's a 'no' then. I can't see any tests there. How do you know
that those strings work correctly MySQL queries?
Please, open your mind to what I'm saying. I'm not trying to criticise your
aims, just trying to point out the simple fact that your EscapeSQLWild
function has a bug. If nothing else, the fact that you are finding this so
hard to understand shows that there is a need for a correctly written
function to do this.
The fix to EscapeSQLWild to get test_escapebackslashwild2 to work is a
trivial change, and not suprisingly also makes the other failing test in my
script (the one using parameterised queries and EscapeSQLWild) pass.
Again, please, try running the script I posted, and in particular
test_escapebackslashwild2. It uses the SQL query you yourself created, and
it fails because it matches something it shouldn't.
--
http://mail.python.org/mailman/listinfo/python-list
