yeah i was going to say, bind params in literal text are always in the :param style (since im an oracle veteran) and they get converted later....glad you found it
On Jan 28, 12:34 am, Chris Shenton <[EMAIL PROTECTED]> wrote: > I finally discovered the "Using Bind Parameters in Text Blocks" > section of the SQLAlchemy manual -- very useful and very easy to use. > Perhaps this will help others who are trying to search against MySQL's > FULLTEXT index safely. FWIW, I'm doing this in Pylons. > > Here's what I ended up doing: > > t = metadata.engine.text(""" > SELECT ROUND(MATCH(message) AGAINST(:message), 2) AS score, > facility,severity,message,explanation,solution,significance,os > FROM kb > WHERE MATCH(message) AGAINST(:message) > AND facility=:facility > AND severity=:severity > LIMIT :limit > """) > c.results = t.execute(message=text, facility=fac, severity=sev, > limit=100).fetchall() > > If you echo the SQL it's using, you can see how it quotes any query > parameters that have quotes in them. Slick. > > Thanks for such a nice tool! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "sqlalchemy" group. To post to this group, send email to sqlalchemy@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en -~----------~----~----~----~------~----~------~--~---