Re: database questions ala newbie pythonist

Dan Sommers Thu, 02 Dec 2004 03:30:33 -0800

On Wed, 1 Dec 2004 20:45:13 -0500,
"chris" <[EMAIL PROTECTED]> wrote:


> But when I try to use a variable such as:

> ###################################################################
> ...
> varA = '0'
> varB = '1190'
> mycursor.execute('Update Categories Set DelStatus = ' varA 'Where ProductID
> = ' varB)
> ...
> ###################################################################

Let the database module (looks like odbc) do that for you:

    sql = 'UPDATE categories SET delstatus = %s WHERE productid = %s'
    values = (varA, varB)
    mycursor.execute( sql, values )

The database module will know exactly how to quote and escape and
whatever else is necessary to build a valid SQL statement.  Your
particular module may support other options, too, but it knows more than
you do (and has, in theory, already been debugged).

See also PEP 249, <http://www.python.org/peps/pep-0249.html>.

HTH,
Dan

-- 
Dan Sommers
<http://www.tombstonezero.net/dan/>
Never play leapfrog with a unicorn.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: database questions ala newbie pythonist

Reply via email to