Re: [python-win32] How to specify parameters in a query using odbc

2011-02-02 Thread Tim Roberts
Matteo Boscolo wrote:
> try:
> myQuery ="""your sql code """%(('foo', 'bar'))
> and then
> cursor.execute(myQuery)

No, no, no! Don't EVER do that. The whole reason these parameter substitution schemes exist is because it prevents code like this, which is open to SQL injection attacks. The only

Re: [python-win32] How to specify parameters in a query using odbc

2011-02-02 Thread Preston Landers
On Wed, Feb 2, 2011 at 10:42 AM, Mike Driscoll wrote:
>
> Personally, I use SqlAlchemy for almost all my database work. It takes a little longer to learn, but I find it easier to use in the long run.
>

Yeah I agree with this. And if you feel the need to work with ODBC directly, consider the P

Re: [python-win32] How to specify parameters in a query using odbc

2011-02-02 Thread Mike Driscoll
On 1:59 PM, Tom Hawkins wrote:

Thanks for all the replies - it's now working fine with ? (after some delay caused by testing with a single parameter query but forgetting that the parameter has to be supplied as a single-member list)...

Tom

*Tom Hawkins*
Principal Scientist
Innospec Inc
T

Re: [python-win32] How to specify parameters in a query using odbc

2011-02-02 Thread Tom Hawkins
Thanks for all the replies - it's now working fine with ? (after some delay caused by testing with a single parameter query but forgetting that the parameter has to be supplied as a single-member list)...

Tom

Tom Hawkins
Principal Scientist
Innospec Inc
Tel: +44 (0)151 356 6197 Fax:

Re: [python-win32] How to specify parameters in a query using odbc

2011-02-02 Thread Matteo Boscolo
try:
myQuery ="""your sql code """%( ('foo', 'bar'))
and then
cursor.execute(myQuery)

regards,
Matteo

On 01/02/2011 18:22, Tom Hawkins wrote:

Hi,

I’m trying to

Re: [python-win32] How to specify parameters in a query using odbc [SEC=PERSONAL]

2011-02-01 Thread Andrew MacIntyre
The odbc module in Pythonwin uses qmark parameter style I believe, so use ? instead of %s for parameter substitution.

-> "These thoughts are mine alone!" <-
Andrew MacIntyre
Operations Branch
tel: +61 2 6219 5356
Communications Infrastructure Di

Re: [python-win32] How to specify parameters in a query using odbc

2011-02-01 Thread Vernon Cole
Tim's answer is correct. A db api connection object supplies a .paramstyle method which specifies which of _five_ different parameter substitution methods is used by the underlying query engine. odbc uses 'qmark', meaning that you put ? where you want parameters to appear. You may have something
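
The point made in the replies above (qmark `?` placeholders instead of `%` string formatting, and a single parameter supplied as a one-member sequence), as an added example that is not part of the thread. It uses Python's standard sqlite3 module, which also uses the qmark style, as a stand-in for the Pythonwin odbc module; the table, column and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE results (sample TEXT, entered_value TEXT)")
    conn.executemany("INSERT INTO results VALUES (?, ?)",
                     [("A1", "7.2"), ("B2", "9.9"), ("C3", "4.1")])
    return conn

def lookup_formatted(conn, sample):
    # The pattern the thread warns against: the value is pasted into the
    # SQL text, so quote characters in it change the statement itself.
    query = "SELECT entered_value FROM results WHERE sample = '%s'" % sample
    return [row[0] for row in conn.execute(query)]

def lookup_bound(conn, sample):
    # qmark style: the SQL text is fixed and the value is passed separately.
    # A single parameter still goes in a sequence: (sample,), not sample.
    query = "SELECT entered_value FROM results WHERE sample = ?"
    return [row[0] for row in conn.execute(query, (sample,))]

def bare_string_rejected(conn):
    # A bare string is itself a sequence of characters, so "A1" is seen as
    # two parameters for one placeholder and the driver refuses it.
    try:
        conn.execute("SELECT entered_value FROM results WHERE sample = ?", "A1")
    except sqlite3.Error:
        return True
    return False

if __name__ == "__main__":
    conn = make_db()
    hostile = "x' OR '1'='1"          # constructed input containing quotes
    print(sqlite3.paramstyle)          # the DB-API module-level paramstyle
    print(lookup_formatted(conn, "A1"), lookup_bound(conn, "A1"))
    print(len(lookup_formatted(conn, hostile)), "rows via % formatting")
    print(len(lookup_bound(conn, hostile)), "rows via ? binding")
    print("bare string rejected:", bare_string_rejected(conn))
```
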

Re: [python-win32] How to specify parameters in a query using odbc

2011-02-01 Thread Paul Koning
My impression (but I admit the documentation could be better) is that parameters on the execute call only apply to data values of INSERT statements. For any other variable bits, format them into the command string (with the % operator and appropriate %s/%d/%x etc. elements in the string). So I

Re: [python-win32] How to specify parameters in a query using odbc

2011-02-01 Thread Tim Roberts
Tom Hawkins wrote:
>
> I’m trying to get data out of a MS SQL Server 2005 database from a
> Python 2.5 script, using the odbc module - I can’t easily get anything
> more up-to-date installed on this system.
>
> ...
>
> ...it works OK, but if I try to parameterise the query:Any idea what
> I’m

[python-win32] How to specify parameters in a query using odbc

2011-02-01 Thread Tom Hawkins
Hi,

I'm trying to get data out of a MS SQL Server 2005 database from a Python 2.5 script, using the odbc module - I can't easily get anything more up-to-date installed on this system.

If I specify the query literally, like this:

import dbi, odbc
myQuery = """SELECT EnteredValue FROM