Nick the Gr33k <nikos.gr...@gmail.com> writes:
> sql = '''INSERT INTO visitors (counterID, refs, host, city, useros,
> browser, visits, downloads) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)'''
> % (cID, refs, host, city, useros, browser, visits, downloads)
It was suggested *several* times but I'll reiterate: do not use Python
iterpolation to pass parameters to your SQL statements, or you sooner or
later will hit this kind of problems.
To be clear:
>>> myvalue = "Italy, Europe"
>>> mysql = "INSERT INTO sometable (theid, thevalue) VALUES (%s, %s)" %
(myid, myvalue)
>>> print(mysql)
INSERT INTO sometable (theid, thevalue) VALUES (theid, Italy, Europe)
ciao, lele.
--
nickname: Lele Gaifax | Quando vivrò di quello che ho pensato ieri
real: Emanuele Gaifas | comincerò ad aver paura di chi mi copia.
l...@metapensiero.it | -- Fortunato Depero, 1929.
--
https://mail.python.org/mailman/listinfo/python-list
