I finally discovered the "Using Bind Parameters in Text Blocks"
section of the SQLAlchemy manual -- very useful and very easy to use.
Perhaps this will help others who are trying to search against MySQL's
FULLTEXT index safely. FWIW, I'm doing this in Pylons.
Here's what I ended up doing:
t = metadata.engine.text("""
SELECT ROUND(MATCH(message) AGAINST(:message), 2) AS score,
facility,severity,message,explanation,solution,significance,os
FROM kb
WHERE MATCH(message) AGAINST(:message)
AND facility=:facility
AND severity=:severity
LIMIT :limit
""")
c.results = t.execute(message=text, facility=fac, severity=sev,
limit=100).fetchall()
If you echo the SQL it's using, you can see how it quotes any query
parameters that have quotes in them. Slick.
Thanks for such a nice tool!
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"sqlalchemy" group.
To post to this group, send email to sqlalchemy@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/sqlalchemy?hl=en
-~----------~----~----~----~------~----~------~--~---
