On Fri, Apr 10, 2009 at 5:26 PM, Mike H wrote: > Thanks to all of you. > > FYI, I'm doing this because I'm working on creating some insert > statements in SQL, where string values need to be quoted, and integer > values need to be unquoted.
This is what you should have posted in the first place. Your solution is entirely the wrong one, because it will break if your input strings contain the quote character (and suffers from other issues as well)--this is where SQL injection vulnerabilities come from. The safe and correct way is to allow your database driver to insert the parameters into the SQL query for you; it will look something like this (though the exact details will vary depending on what module you're using): cursor.execute('INSERT INTO my_table VALUES (?, ?, ?)', ['test',1,'two']) -Miles -- http://mail.python.org/mailman/listinfo/python-list