On Thu, 2006-09-21 at 08:38 -0600, Mike Hansen wrote:
>
> > -----Original Message-----
> > From: Alan Gauld [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, September 21, 2006 2:51 AM
> > To: Mike Hansen; tutor@python.org
> > Subject: Re: [Tutor] Python CGI Script
> >
> > > sql_statement = "INSERT INTO images (image) VALUES (%s)"
> > > cur.execute(sql_statement, (data_obj, ))
> > >
> > > Is it just moving the variable substitution to the execute statement
> > > as a tuple, so it will perform the proper quoting?
> >
> > Nope, the syntax changes slightly, and I believe depends on the
> > database driver you use. For SQLite (and I think for MySQL) it's a
> > question mark
> >
> > > sql_statement = "INSERT INTO images (image) VALUES (?)"
> > > cur.execute(sql_statement, data_obj)
> >
> > And I don't think you need the tuple form unless you have multiple
> > values.
> > And you can do it in one line too:
> >
> > cur.execute("INSERT INTO images (image) VALUES (?)", data_obj)
> >
> > Alan G.
> >
>
> In my case, I'm using psycopg2 for PostgreSQL. I just did a test, and it
> doesn't seem to like the ? syntax. I'll check the documentation to see
> if there's a setting to have it use the ? syntax.

The paramstyle attribute in the module will tell you.

    >>> import MySQLdb
    >>> MySQLdb.paramstyle
    'format'

Which means use %s to mark parameter placement. The details below say
'format' == ANSI C printf codes which Python also uses. However, so far
as I know, MySQLdb only uses the %s. The parameters get substituted
into the SQL string.

You'll need to see what the psycopg2.paramstyle tells you. (I think it
is pyformat. Params would be provided in a dict.)

http://www.python.org/dev/peps/pep-0249/
Provides *all* the details. I've excerpted the paramstyle block below.

    paramstyle

        String constant stating the type of parameter marker
        formatting expected by the interface. Possible values are
        [2]:

            'qmark'     Question mark style,
                        e.g. '...WHERE name=?'
            'numeric'   Numeric, positional style,
                        e.g. '...WHERE name=:1'
            'named'     Named style,
                        e.g. '...WHERE name=:name'
            'format'    ANSI C printf format codes,
                        e.g. '...WHERE name=%s'
            'pyformat'  Python extended format codes,
                        e.g. '...WHERE name=%(name)s'

>
> Thanks,
>
> Mike
> _______________________________________________
> Tutor maillist - Tutor@python.org
> http://mail.python.org/mailman/listinfo/tutor
--
Lloyd Kvam
Venix Corp
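
Added example, not part of the original thread: one way to pick the placeholder from the driver's paramstyle instead of hard-coding ? or %s, so the values are always bound by the driver and never formatted into the SQL string. It goes beyond the thread by covering all five PEP 249 styles; build_insert, bind, insert_row and demo are hypothetical names, and sqlite3 stands in for the driver so the block runs offline.

```python
import sqlite3

# Marker generators for each PEP 249 paramstyle; i is the 1-based position.
_MARKERS = {
    "qmark":    lambda i, name: "?",
    "numeric":  lambda i, name: ":%d" % i,
    "named":    lambda i, name: ":%s" % name,
    "format":   lambda i, name: "%s",
    "pyformat": lambda i, name: "%%(%s)s" % name,
}

def build_insert(paramstyle, table, columns):
    """Return INSERT SQL using the placeholder style the driver expects.

    table and columns must be trusted constants: identifiers cannot be
    bound as parameters, only values can.
    """
    mark = _MARKERS[paramstyle]  # KeyError on an unknown style
    marks = ", ".join(mark(i, c) for i, c in enumerate(columns, 1))
    return "INSERT INTO %s (%s) VALUES (%s)" % (table, ", ".join(columns), marks)

def bind(paramstyle, row):
    """Shape the values: a mapping for name-based styles, a tuple otherwise."""
    if paramstyle in ("named", "pyformat"):
        return dict(row)
    return tuple(row.values())

def insert_row(conn, driver, table, row):
    """Insert one row, letting the driver do all quoting of the values."""
    style = driver.paramstyle
    cur = conn.cursor()
    cur.execute(build_insert(style, table, list(row)), bind(style, row))
    conn.commit()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE images (name TEXT, image BLOB)")
    # Constructed sample row: quote characters, a NUL byte and a literal %s
    row = {"name": "it's \"quoted\".png",
           "image": b"\x89PNG\r\n\x1a\n'\x00\"%s"}
    insert_row(conn, sqlite3, "images", row)
    return conn.execute("SELECT name, image FROM images").fetchall()

if __name__ == "__main__":
    print(demo())
```

With another driver, pass its module and connection to insert_row in place of sqlite3; the SQL text changes with the module's paramstyle while the calling code stays the same.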