Re: string class variable to sqlite3

2015-10-18 Thread Chris Angelico
On Mon, Oct 19, 2015 at 3:10 AM, andybrookestar--- via Python-list wrote:
> I acknowledge the security points & also by the way I omitted using any Try
> Catch statements, because at this stage coming from PHP I was more focused
> on getting a select statement to

Re: string class variable to sqlite3

2015-10-18 Thread andybrookestar--- via Python-list
Cheers Mark, it was the syntax that was foxing me; I don't like the example of the select statement via the insecure approach because the writer is adding an element of ambiguity since the table has a field called and a variable also called #modifying my class to import sqlite3 class

Re: string class variable to sqlite3

2015-10-18 Thread andybrookestar--- via Python-list
I acknowledge the security points & also by the way I omitted using any Try Catch statements, because at this stage coming from PHP I was more focused on getting a select statement to actually work in python. Also I know the end use will be offline and is part of a python & kivy project to

Re: string class variable to sqlite3

2015-10-18 Thread Marko Rauhamaa
andybrookes...@googlemail.com:

> cursor = self.conn.execute("SELECT * from wiki WHERE one LIKE '%s' "%
> self.myString1)

That's really dangerous. See: <http://stackoverflow.com/questions/309945/how-to-quote-a-string-value-explicitly-python-db-api-psycopg2>

Now,

string class variable to sqlite3

2015-10-17 Thread andybrookestar--- via Python-list
I'm mainly a PHP man but playing with python recently! I have a very small class that retrieves data from a very small sqlite3 db called encyclopedia, which has a table called wiki & two fields called one & two (yes I know - no imagination, I should get out more!):

import sqlite3
class do:

Re: string class variable to sqlite3

2015-10-17 Thread Mark Lawrence
On 17/10/2015 20:42, andybrookestar--- via Python-list wrote:
> I'm mainly a PHP man but playing with python recently! I have a very small class that retrieves data from a very small sqlite3 db called encyclopedia, which has a table called wiki & two fields called one & two (yes I know - no