Roger Shaw wrote:
> 
> Hello,
> I am very new to python.
> 
> Wrote a small program to use on my android phone using pickle/shelve to 
> access data.
> 
> That worked fine but I realised it would be better to use sqlite as a 
> database to more easily modify the data.
> 
> I haven't got a clue about sqlite, have a book but can't find the answer
> 
> My problem is this.
> 
> I can access data by putting characters to search for into the program but I 
> want it to be a variable string
> that I can search for.
> 
> Specifically a couple of letters I input from keypad.
> 
> 
> 
> At the moment this works to search for everything beginning with A
> sql = "SELECT * FROM plants WHERE genus LIKE 'A%'";
> cursor.execute(sql);

You should avoid the above style query if you ever get data from an 
untrusted source (user/internet) as bad things (obligatory xkcd: 
http://xkcd.com/327/ ) can happen. Instead, use parameterized queries which 
will handle escaping the input.

sql = "SELECT * FROM plants where genus LIKE ?"
cursor.execute(sql, (genus + '%',)) # Add wildcard to parameter, not the base
                                    # query. The trailing comma makes the
                                    # parameters a one-element tuple.

Using this notation, genus can hold one character or any amount.

> slt =cursor.fetchone();
> What I really need is to search for everything beginning with two letters 
> from an input command.
> 
> As in A is a variable that could be Bl or An or some other two letter 
> combination
> 


~Ramit
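
Added example, not part of the original thread: a self-contained version of the parameterized prefix search discussed above, run against an in-memory database with constructed sample rows. It goes one step beyond the reply by also escaping the LIKE wildcards `%` and `_` in the typed input, since binding a parameter stops the input from changing the SQL but does not stop it from acting as a pattern. The function names, the `species` column and the rows are assumptions made for illustration.

```python
import sqlite3

def escape_like(text, esc="\\"):
    """Escape LIKE wildcards so typed input only ever matches literally."""
    return (text.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def find_by_prefix(conn, prefix):
    """Return genus names that start with prefix, using a bound parameter."""
    sql = ("SELECT genus FROM plants "
           "WHERE genus LIKE ? ESCAPE '\\' ORDER BY genus")
    # The wildcard is appended to the parameter, never to the SQL text.
    # Parameters must be a sequence, hence the one-element tuple.
    cur = conn.execute(sql, (escape_like(prefix) + "%",))
    return [row[0] for row in cur.fetchall()]

def make_demo_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE plants (genus TEXT, species TEXT)")
    conn.executemany(
        "INSERT INTO plants VALUES (?, ?)",
        [("Acer", "palmatum"), ("Anemone", "nemorosa"),
         ("Angelica", "archangelica"), ("Betula", "pendula"),
         ("Blechnum", "spicant")],
    )
    return conn

if __name__ == "__main__":
    conn = make_demo_db()
    # Constructed inputs: two normal prefixes, a bare wildcard, and a
    # string containing quotes that must be treated as plain data.
    for typed in ["An", "Bl", "%", "A' OR '1'='1"]:
        print(repr(typed), "->", find_by_prefix(conn, typed))
```

On a phone or console, the `typed` value would come from `input()` instead of the constructed list.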

