On Sat, 20 Oct 2007 21:06:31 -0700, Dennis Lee Bieber wrote
> On Sat, 20 Oct 2007 22:47:23 -0400, Carsten Haese <[EMAIL PROTECTED]>
> declaimed the following in comp.lang.python:
> 
> > Haven't we told you before not to use the % operator to fill values into
> > a query? Use parameter binding:
> > 
> > cursor.execute("SELECT id from templinks where url=%s", (URL,) )
> >
>       And check the adapter documentation with regards to the placeholder
> it uses... It may just want a ? instead of %s

The OP uses psycopg2, which unfortunately uses %s parameter notation. But I
agree, it's worth noting that the parameter style may vary between different
DB-API implementations (until the next version of DB-API, when supporting at
least qmark and named parameter styles becomes mandatory, yay!).

--
Carsten Haese
http://informixdb.sourceforge.net

-- 
http://mail.python.org/mailman/listinfo/python-list
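
The two points made in this thread (bind values instead of using the % operator, and check which placeholder the adapter expects) can be shown together. This is an added example, not code from the thread: it uses the standard-library `sqlite3` module (paramstyle `qmark`) as a stand-in driver, and the helper names and table rows are constructed for illustration.

```python
import sqlite3

# One bound value in each PEP 249 paramstyle: (placeholder text, params are a dict?)
STYLES = {
    "qmark": ("?", False),
    "format": ("%s", False),
    "numeric": (":1", False),
    "named": (":p", True),
    "pyformat": ("%(p)s", True),
}

def bind_one(module, value):
    """Return (placeholder, params) for one value in the module's paramstyle."""
    text, named = STYLES[module.paramstyle]
    return text, ({"p": value} if named else (value,))

def make_db():
    """In-memory table named as in the thread; the rows are constructed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE templinks (id INTEGER PRIMARY KEY, url TEXT)")
    conn.executemany(
        "INSERT INTO templinks (url) VALUES (?)",
        [("http://example.com/a",), ("http://example.com/b",),
         ("http://example.com/o'neil",)],
    )
    return conn

def lookup_interpolated(conn, url):
    """The pattern warned against: % pastes the value into the SQL text."""
    sql = "SELECT id FROM templinks WHERE url='%s'" % url
    return sorted(row[0] for row in conn.execute(sql))

def lookup_bound(conn, url, module=sqlite3):
    """Parameter binding: the value travels separately from the SQL text."""
    mark, params = bind_one(module, url)
    sql = "SELECT id FROM templinks WHERE url=" + mark
    return sorted(row[0] for row in conn.execute(sql, params))

if __name__ == "__main__":
    conn = make_db()
    odd = "x' OR '1'='1"  # constructed value containing quote characters
    print("driver paramstyle:", sqlite3.paramstyle)
    print("interpolated:", lookup_interpolated(conn, odd))  # quotes alter the query
    print("bound:       ", lookup_bound(conn, odd))         # quotes stay data
```

With binding, a value containing quotes is compared as a literal string; with % interpolation the same value either changes the WHERE clause or, for the apostrophe URL, produces a syntax error.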
