cur.execute(INSERT INTO images (image) VALUES (?), data_obj)
In my case, I'm using psycopg2 for PostgreSQL. I just did a test,
and it doesn't seem to like the ? syntax. I'll check the
documentation
to see if there's a setting to have it use the ? syntax.
It may well be the Python
sql_statement = INSERT INTO images (image) VALUES (%s)
cur.execute(sql_statement, (data_obj, ))
Is it just moving the variable substitution to the execute statement
as
a tuple, so it will perform the proper quoting?
Nope, the syntax changes slightly, and I believe
-Original Message-
From: Alan Gauld [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 21, 2006 2:51 AM
To: Mike Hansen; tutor@python.org
Subject: Re: [Tutor] Python CGI Script
sql_statement = INSERT INTO images (image) VALUES (%s)
cur.execute
On Thu, 2006-09-21 at 08:38 -0600, Mike Hansen wrote:
-Original Message-
From: Alan Gauld [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 21, 2006 2:51 AM
To: Mike Hansen; tutor@python.org
Subject: Re: [Tutor] Python CGI Script
sql_statement = INSERT
I Have a CGI Script Which is working perfectly when run from the python
interpreter, i m using the Content-type:
application/x-www-url-form-encoded , i use it to send data from flash
apps to python script. i checked the script with content-type: text/html
, and browsers printed the output
query1 = SELECT ABC FROM %s limit %s,%s\
% (self.tableid,self.rangeid1,self.rangeid2)
Just as a note: please don't do this! *grin*
Don't build query strings up like this: this is very prone to an SQL
injection attack. See:
-Original Message-
Subject: Re: [Tutor] Python CGI Script
query1 = SELECT ABC FROM %s limit %s,%s\
% (self.tableid,self.rangeid1,self.rangeid2)
Just as a note: please don't do this! *grin*
Don't build query strings up like this: this is very
On Wed, 2006-09-20 at 15:46 -0600, Mike Hansen wrote:
-Original Message-
Subject: Re: [Tutor] Python CGI Script
query1 = SELECT ABC FROM %s limit %s,%s\
% (self.tableid,self.rangeid1,self.rangeid2)
Just as a note: please don't do