Re: [sqlite] Escape issue

Adriano Monteiro Tue, 11 Jul 2006 06:35:36 -0700

Hi,

It doesn't seen to work with me (or I cannot see the error at my code... :-/)

import sqlite
c = sqlite.connect("/tmp/t")
cur = c.cursor()
cur.execute("CREATE TABLE TEST (id integer, name text)")
cur.execute("INSERT INTO TEST VALUES (?, ?)", (1, "wow"))

Traceback (most recent call last):
 File "<stdin>", line 1, in ?
 File "/usr/lib/python2.4/site-packages/sqlite/main.py", line 255, in execute
   self.rs = self.con.db.execute(SQL % parms)
TypeError: not all arguments converted during string formatting

What am I doing wrong??


Cheeers!

On 7/11/06, Jonathan Ballet <[EMAIL PROTECTED]> wrote:

Adriano Monteiro wrote:
> Hi folks,
>
> I'm having a headache with escape chars at sqlite. I'm using pysqlite,
> and everytime I try to insert data with a escape char it raises the
> following exception:
>
>  File "/usr/lib/python2.4/site-packages/sqlite/main.py", line 244, in
> execute
>    self.rs = self.con.db.execute(SQL)
> _sqlite.DatabaseError: unrecognized token: "\"
>
> After that, I tried to double the escape to avoid the problem, but
> nothing changed. I tried to double the escape, because that is the
> technique widely used on main languages to escape a escape char.
> As I saw at the sqlite FAQ, that's the same technique used to escape a
> quote. But, It simply doesn't seem to work with the escape char.
> Any clues?
>
>
> Cheeeeers!
>

Hello,

you should let Pysqlite handle quote escaping by itself, by using "?" 
characters in your SQL queries  :
>>> from pysqlite2 import dbapi2 as sqlite
>>> conn = sqlite.connect(':memory:')
>>> cursor = conn.cursor()
>>> cursor.execute("CREATE TABLE t (id INTEGER, value TEXT)")
<pysqlite2.dbapi2.Cursor object at 0xa7dc2ec0>
>>> cursor.execute("INSERT INTO t (id, value) VALUES (?, ?)",
... (1, "It's a test with simple (') quote"))
<pysqlite2.dbapi2.Cursor object at 0xa7dc2ec0>
>>> cursor.execute("SELECT * FROM t")
<pysqlite2.dbapi2.Cursor object at 0xa7dc2ec0>
>>> cursor.fetchall()
[(1, u"It's a test with simple (') quote")]


By the way, SQLite use double quote ('') to escape simple quote :
"A string constant is formed by enclosing the string in single quotes ('). A 
single quote within the
string can be encoded by putting two single quotes in a row - as in Pascal. 
C-style escapes using
the backslash character are not supported because they are not standard SQL."
http://sqlite.org/lang_expr.html


Cheers,
        Jonathan Ballet



--
Adriano Monteiro Marques
http://umit.sourceforge.net
[EMAIL PROTECTED]

"Don't stay in bed, unless you can make money in bed." - George Burns

Re: [sqlite] Escape issue

Reply via email to