On 7 Mag, 08:55, "krishnakant Mane" <[EMAIL PROTECTED]> wrote:
> On 6 May 2007 11:22:52 -0700, Daniele Varrazzo <[EMAIL PROTECTED]> >> Every
> serious database driver has a complete and solid SQL escaping
> > mechanism. This mechanism tipically involves putting placeholders in
> > your SQL strings and passing python data in a separate tuple or
> > dictionary. Kinda
>
> > cur.execute("INSERT INTO datatable (data) VALUES (%s);",
> > (pickled_data,))
>
> I will try doing that once I get back to the lab.
> mean while I forgot to mention in my previous email that I use MySQLdb
> for python-mysql connection.
OK: MySQLdb implements the escaping mechanism i described. You can
find the documentation if you look for it harder.
> I did not find any such reference to storing pickled objects in the API.
Storing pickled object is not different from storing anything else
into BLOB. You would have faced the same problem if you had to write
"O'Reilly" in a VARCHAR field.
-- Daniele
--
http://mail.python.org/mailman/listinfo/python-list
