yeah i was going to say, bind params in literal text are always in
the :param style (since im an oracle veteran) and they get converted
later....glad you found it
On Jan 28, 12:34 am, Chris Shenton <[EMAIL PROTECTED]> wrote:
> I finally discovered the "Using Bind Parameters in Text Blocks"
> section of the SQLAlchemy manual -- very useful and very easy to use.
> Perhaps this will help others who are trying to search against MySQL's
> FULLTEXT index safely. FWIW, I'm doing this in Pylons.
>
> Here's what I ended up doing:
>
> t = metadata.engine.text("""
> SELECT ROUND(MATCH(message) AGAINST(:message), 2) AS score,
> facility,severity,message,explanation,solution,significance,os
> FROM kb
> WHERE MATCH(message) AGAINST(:message)
> AND facility=:facility
> AND severity=:severity
> LIMIT :limit
> """)
> c.results = t.execute(message=text, facility=fac, severity=sev,
> limit=100).fetchall()
>
> If you echo the SQL it's using, you can see how it quotes any query
> parameters that have quotes in them. Slick.
>
> Thanks for such a nice tool!
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"sqlalchemy" group.
To post to this group, send email to sqlalchemy@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/sqlalchemy?hl=en
-~----------~----~----~----~------~----~------~--~---
