On Thu, May 28, 2009 at 11:12 AM, Lawrence D'Oliveiro <[email protected]_zealand> wrote:
> In message <[email protected]>, Diez B. Roggisch wrote: > > > Lawrence D'Oliveiro wrote: > > > >> In message <[email protected]>, Dennis > >> Lee Bieber wrote: > >> > >>> Notice that db.literal() call? That's part of the mechanism used to > >>> escape and quote parameters -- it only returns strings that are safe > for > >>> insertion into the SQL statement. > >> > >> Does it deal with "like"-wildcards? > > > > Why shouldn't it? > > > > cursor.execute("select * from table where column like %s", "%name%") > > What if the string you're searching for includes a "%" or "_" character? > > -- > http://mail.python.org/mailman/listinfo/python-list > >>> A="0" >>> B="%" >>> >>> print "select * from test_table where a like '%%%s%%' " %A select * from test_table where a like '%0%' >>> >>> print "select * from test_table where a like '%%%s%%' " %B select * from test_table where a like '%%%' >>> HTH
-- http://mail.python.org/mailman/listinfo/python-list
