Joe Strout a écrit :
On Dec 15, 2008, at 6:46 AM, Krishnakant wrote:

in this case, I get a problem when there is ' in any of the values
during insert or update.

That's because ' is the SQL string literal delimiter. But any SQL-compliant database allows you to "escape" an apostrophe within a string literal by doubling it. So for each of your values, just do:

  value = value.replace("'", "''")

before stuffing them into your INSERT or UPDATE statement. (If these values come from the user, and especially if they come over the network, then you probably want to do a few other replacements; google "SQL injection" for details.)

Or just learn to make proper use of the db-api, ie use

cursor.execute(
    "select yadda from mytable where foo=%s or bar=%s",
    (foo, bar)
    )

NB : replace '%s' with '?' or whatever is the correct placeholder for you particular db-api connector.

--
http://mail.python.org/mailman/listinfo/python-list

Reply via email to