Dennis Lee Bieber wrote:
> That is probably the worst way to "fix" the problem -- as in the
> future, you may end up trying that method for something that may need to
> be quoted or escaped.
>
>     cur.execute(template, (arg1,) )
>
> allows the DB-API spec to properly convert the argument to the string
> format (quoted or escaped) as needed.

Thank you Dennis, point taken. I will upgrade to pysqlite2 as soon as possible.

> the "pyformat" parameter style means that you're supposed to use "%s"
> instead of "?" for the placeholders:
>
>     cur.execute("INSERT INTO foo (id) VALUES (%s)", (num,))

Thanks Fredrick, that seems so obvious now!....

> (I'm sure this is mentioned in the fine manual, btw ;-)

... I guess I must have missed it ;-)

> while string formatting works, and is safe for simple cases like this,
> it can quickly turn into a performance and security problem. better
> avoid it for anything other than command-line tinkering and throw-away
> scripts.

You are both right about the perils of a non-standard approach, which could easily break. Fortunately in this case this is a private project, so no worry there.

-----

And while you are both being so helpful, may I ask another stupid question?...

One of the columns of my table contains a rather large list of numbers, e.g. [12345, 76543, 89786, ... ], sometimes up to 500 entries long. And when I defined my table I set this column to text. But the problem with that approach is of course that it then gets returned as a string (which just happens to look like a list!) and I can't iterate over it. However, I can use rsplit(','), with the exception of the leading and trailing '[' ']', and I could fix that too... but that's not the point... the real question is:

Is there a way to have Python interpret the string "[ a,b,c ]" as a list? (and yes, I have been reading up on typing)...

OR

Is there a better way to store this in sqlite, a la a BLOB or encoded?

Thanks
Robb
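
An added example, not part of the original thread: it combines the bound-parameter advice quoted above with the list-storage question, parsing a stored "[a, b, c]" string with `ast.literal_eval` instead of `eval()` and storing new rows as JSON text. It assumes the standard-library `sqlite3` module (whose parameter style is "?" rather than pysqlite's "%s"); the `numbers` column and all helper names are hypothetical.

```python
import ast
import json
import sqlite3

def parse_legacy_list(text):
    """Turn a stored "[1, 2, 3]" string into a list without eval()."""
    try:
        value = ast.literal_eval(text.strip())  # literals only, no calls or names
    except (ValueError, SyntaxError) as exc:
        raise ValueError("not a list literal: %r" % text[:40]) from exc
    if not isinstance(value, list) or not all(type(v) is int for v in value):
        raise ValueError("expected a list of integers")
    return value

def open_db():
    conn = sqlite3.connect(":memory:")
    # "numbers" is a hypothetical column name; foo/id follow the thread's example.
    conn.execute("CREATE TABLE foo (id INTEGER PRIMARY KEY, numbers TEXT)")
    return conn

def save_numbers(conn, row_id, numbers):
    # Values are bound as parameters; the SQL text itself never changes.
    conn.execute("INSERT INTO foo (id, numbers) VALUES (?, ?)",
                 (row_id, json.dumps(numbers)))

def load_numbers(conn, row_id):
    row = conn.execute("SELECT numbers FROM foo WHERE id = ?",
                       (row_id,)).fetchone()
    if row is None:
        raise KeyError(row_id)
    return json.loads(row[0])

def migrate_legacy_row(conn, row_id):
    """Re-encode a row that was stored as str(list) into JSON."""
    row = conn.execute("SELECT numbers FROM foo WHERE id = ?",
                       (row_id,)).fetchone()
    save = json.dumps(parse_legacy_list(row[0]))
    conn.execute("UPDATE foo SET numbers = ? WHERE id = ?", (save, row_id))

if __name__ == "__main__":
    db = open_db()
    save_numbers(db, 1, [12345, 76543, 89786])        # constructed sample data
    db.execute("INSERT INTO foo (id, numbers) VALUES (?, ?)",
               (2, "[ 1, 2, 3 ]"))                     # legacy-style text row
    migrate_legacy_row(db, 2)
    print(load_numbers(db, 1), load_numbers(db, 2))
```

Because `ast.literal_eval` only accepts Python literals, a column value that contains a function call or a name is rejected instead of executed, which is the difference from `eval()` that matters if the text column can ever hold data the script did not write itself.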