On 02Oct2018 06:04, [email protected] <[email protected]> wrote:
I have to execute the same sql in two different programs.
Each of them marks parameters differently.
Then you are MUCH better off assembling the SQL using come kind of query
constructor, which correctly inserts parameter placeholders is the correct
dialogue.
Anyway, I have found the solution.
cnv_sel = re.sub(r"(:(.+?)\b)", r"${\2}", sel)
That is a recipe for making unsafe SQL. It does not honour quotes. It does not
ensure parameter names are identifiers (which may be vital).
Please look into a library for constructing SQL. My favourite general purpose
one is SQLAlchemy, which lets you write very nice Python expressions which get
turned safely into dialect specific SQL.
Cheers,
Cameron Simpson <[email protected]>
--
https://mail.python.org/mailman/listinfo/python-list
