Hi, I'm using pyodbc (Python 2.5) to insert records in an MS Access database. For security reasons, question marks should be used for string replacement [*]. The standard %s would make the code vulnerable to sql code injection. Problem is, string replacement in the Good Way somehow doesn't work when the values are dates. Below, snippet #1 does not work (Access says the inserted value is not consistent with the defined datatype), but #2 does. I tried various other ways (ie. DateValue, CDate, etc.) but none of them works. Is there a solution for this?
[*] see http://code.google.com/p/pyodbc/wiki/GettingStarted --> under 'Parameters' ### 1 sql = "INSERT INTO tblSomeTable (myDate) VALUES (?);" cursor.execute(sql, "#01/01/2010#") ### 2 sql = "INSERT INTO tblSomeTable (myDate) VALUES (%s);" cursor.execute(sql % "#01/01/2010#") Cheers!! Albert-Jan ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ All right, but apart from the sanitation, the medicine, education, wine, public order, irrigation, roads, a fresh water system, and public health, what have the Romans ever done for us? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
