Python MySQLdb and string substitution 

The Python DB API specifies multiple formats for substituting strings into query strings.

pyformat implies it uses the Python % string substitution rules. However, one difference is any string substitutions will be quoted (have '' put around the value). This is a problem if you embed the value inside an existing string.

cursor.execute( "SELECT * WHERE `name`='prefix.%(val)s.postfix'", {'val':'foobar'} ) is parsed into "SELECT * WHERE `name`='prefix.'foobar'.postfix'" which is not valid SQL.

To work around this, I used cursor.execute( "SELECT * WHERE `name`=CONCAT('prefix.', %(val)s, '.postfix')", {'val':'foobar'} )
[ add comment ] ( 89 views ) permalink

<<First <Back | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | Next> Last>>