| From: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
|---|---|
| To: | Richard Huxton <dev(at)archonet(dot)com> |
| Cc: | Parthan <parth(dot)technofreak(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Error in PostgreSQL query with psycopg |
| Date: | 2006-07-31 17:33:15 |
| Message-ID: | 44CE3EDB.1030008@commandprompt.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
>> Line68:
>> query = cursor.execute("""INSERT INTO ConfMain (ConfName, ConfHost,
>> ConfStart, ConfEnd, ConfDays, ConfStartTime, ConfEndTime, ConfSize)
>> VALUES (\'%s\', \'%s\', \'%%\', \'%%\', %i, \'%%\', \'%%\', %i);""" %
>> (conf_name, host_name, start_day, end_day, int(num_days), start_time,
>> end_time, aud_size))
>
> Does psycopg not handle quoting for you? Almost all database interfaces
> nowadays support something like:
> result = myquery.execute('INSERT INTO foo (anInt,aDate,aText) VALUES
> (?,?,?)', query_parameters);
> The interface deals with quoting the "?" based on the type definitions
> in the database.
You do not have to quote the query in psycopg... Psycopg does it for you.
See the bottom of this for an example using a dictionary:
http://www.devx.com/opensource/Article/29071/0/page/3
Joshua D. Drake
>
> Trying to quote things yourself is tricky. You'll need to handle
> single-quotes in a string yourself - easy to get it wrong.
--
=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive PostgreSQL solutions since 1997
http://www.commandprompt.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Jorjoliani | 2006-07-31 17:34:08 | Unicode sorting problem |
| Previous Message | Mont Rothstein | 2006-07-31 17:17:42 | Postgres on 64bit Windows Server with WOW64 |