Hi steve. you are right. Thanks for all you who helped to understand how to and *not* to pass queries through psycopg2 which is a module based on python dbapi. the following query worked. cursor.execute("insert into vendors values(%s,%s)", lstParams) lstParams contained all the values and yes one had an ' in it. thanks again for all the help. happy hacking. Krishnakant. On Mon, 2008-12-15 at 12:35 -0500, Steve Holden wrote: > Lamonte Harris wrote: > > I had this problem too. If you've upgraded to python 2.6 you need to > > use the new sytnax "format > > > > queryString = "insert into venders > > values('{0}','{1}','{2}'".format(field1,field2,field3) > > > Will all readers of this thread kindly regard this as an example of how > *not* to generate and execute SQL queries in Python. Study the > cursor.execute() method, and provide parameterized queries and a data > tuple instead. > > Please also note that the above technique explicitly continues to > generate SQL syntax errors in Krishnakan's case where the data values > themselves contain apostrophes. > > regards > Steve
-- http://mail.python.org/mailman/listinfo/python-list