Re: How do I put % in a format string?
Carsten Haese wrote:
> While I wholeheartedly agree with the sentiment, calling the ? a formatter only blurs the already blurred distinction between string formatting and parameter passing. The ? is a parameter placeholder.

Yeah, you're right. I was actually raising an eyebrow as I typed formatter, because I wasn't sure what to call it. :)
-- http://mail.python.org/mailman/listinfo/python-list
How do I put % in a format string?
How do I put % in a format string? For example I want this to work:

    sql_template="SELECT ENTRY FROM LOOKUP WHERE FIELDNAME LIKE '%s%V'"
    sql_template % 'userdef103'
    Traceback (most recent call last):
      File "<interactive input>", line 1, in ?
    TypeError: not enough arguments for format string

--
Gregory Piñero
Chief Innovation Officer
Blended Technologies (www.blendedtechnologies.com)
Re: How do I put % in a format string?
Gregory Piñero wrote:
> How do I put % in a format string?

write it twice.

/F
Re: How do I put % in a format string?
Gregory Piñero wrote:
> How do I put % in a format string? For example I want this to work:
>
>     sql_template="SELECT ENTRY FROM LOOKUP WHERE FIELDNAME LIKE '%s%V'"
>     sql_template % 'userdef103'
>     Traceback (most recent call last):
>       File "<interactive input>", line 1, in ?
>     TypeError: not enough arguments for format string

Put it immediately after the string:

    sql_template="SELECT ENTRY FROM LOOKUP WHERE FIELDNAME LIKE '%s%V'" % 'userdef103'

But I think SQL has other recommended methods. At least with SQLite, it is recommended you not use Python's %s formatter but instead the ? formatter.
Re: How do I put % in a format string?
Thanks guys, putting it twice is all it took!
Re: How do I put % in a format string?
On Thu, 2006-10-05 at 16:15, John Salerno wrote:
> But I think SQL has other recommended methods. At least with SQLite, it is recommended you not use Python's %s formatter but instead the ? formatter.

While I wholeheartedly agree with the sentiment, calling the ? a formatter only blurs the already blurred distinction between string formatting and parameter passing. The ? is a parameter placeholder.

I'm not gonna go into the reasons for why one should always use parametrized queries instead of rolling queries via string formatting, but the keywords are "SQL injection attack" and "poor performance". I would like to point out, though, that parameter passing in DB-API compliant database access modules is in general very different from string formatting.

In most databases, when you say

    cur.execute("update sometable set somecolumn = ? where somekey = ?", ("spam", "eggs"))

the database driver does *not* build a query string with string literals for "spam" and "eggs" substituted into the query. Real databases have a native API that allows passing a parametrized query and a set of parameter bindings, no string substitution required or desired.

Some databases do not have such an API, and their respective DB-API modules emulate parameter passing by string substitution, but that is an implementation detail nobody should care about. However, it is precisely those databases that blur the distinction between parameter passing and string substitution, especially because their implementations tend to use %s parameter placeholders to make the internal string substitution easier, thus leaking an implementation detail into application code in an unfortunate way. (This is also the reason why I'd like to see %s parameter placeholders banned from future versions of the DB-API spec.)

The bottom line is, when writing parametrized queries, the ? or %s or whatever is used to indicate that "here be parameters" is a parameter placeholder, not a formatter.

Thanks for listening, I hope somebody out there finds this helpful ;)

-Carsten
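Added example, not part of Carsten's message or the thread's own code: the two approaches discussed above run side by side against an in-memory SQLite database using Python's sqlite3 module. The table and column names come from the original question; the rows, the input values and the helper function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows; table and column names are the thread's.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE LOOKUP (FIELDNAME TEXT, ENTRY TEXT)")
    con.executemany("INSERT INTO LOOKUP VALUES (?, ?)", [
        ("userdef103V", "wanted"),
        ("userdef104V", "other"),
        ("secretV", "private"),
    ])
    return con

def lookup_formatted(con, prefix):
    # %% yields the literal LIKE wildcard; %s splices the value into the SQL
    # text, so the database parses the value as part of the statement.
    sql = "SELECT ENTRY FROM LOOKUP WHERE FIELDNAME LIKE '%s%%V'" % prefix
    return sorted(row[0] for row in con.execute(sql))

def like_escape(value, esc="\\"):
    # A bound value is still a LIKE pattern: neutralise its own wildcards.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value

def lookup_bound(con, prefix):
    # The SQL text is constant; the value is bound to the ? placeholder.
    sql = "SELECT ENTRY FROM LOOKUP WHERE FIELDNAME LIKE ? || '%V' ESCAPE '\\'"
    return sorted(row[0] for row in con.execute(sql, (like_escape(prefix),)))

def formatted_breaks(con, value):
    # True when the spliced value makes the statement unparseable.
    try:
        lookup_formatted(con, value)
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    con = make_db()
    for value in ("userdef103", "o'brien", "%"):  # constructed inputs
        print(repr(value), "bound:", lookup_bound(con, value),
              "formatted breaks:", formatted_breaks(con, value))
```

A value containing an apostrophe changes how the formatted statement parses, and a bare % widens its match to every row; the bound version treats both as plain data.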
Re: How do I put % in a format string?
as fredrik and others have mentioned, '%%' in a format string gives you the single '%' in the string as desired.

however, in your specific application (database), it's best to avoid using Python's string formatting unless that is the default provided by your database adapter for the reasons that carsten mentioned, namely the possibility of a SQL injection attack. when dealing with databases, it's always safest to let the adapter code format your string for you.

good luck!
-- wesley
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Core Python Programming, Prentice Hall, (c)2007,2001
http://corepython.com

wesley.j.chun :: wescpy-at-gmail.com
python training and technical consulting
cyberweb.consulting : silicon valley, ca
http://cyberwebconsulting.com
Re: How do I put % in a format string?
On 10/5/06, Gregory Piñero wrote:
> Thanks guys, putting it twice is all it took!

This rule holds true for a lot of string formatting conventions (such as in regexes).

-- Theerasak