Lawrence D'Oliveiro wrote:
> In message <[EMAIL PROTECTED]>, Sybren Stuvel
> wrote:
>
>>Duncan Booth enlightened us with:
>>
>>>I think his point was that any '%' characters inside name act like
>>>wildcards whereas his version looked for literal percents.
>>
>>But of course.
>>
>>>This could be an argument for having a utility function to escape
>>>the wildcards for this sort of situation, but certainly not an
>>>argument for his proposed QuoteSQL.
>>
>>Indeed. An escaping function should be small and not do all kinds of
>>escaping for different situations at once.
>
> Look at it this way: there is _no_ case where you need escaping of wildcards
> without also escaping other specials.

Yes, there is, so please lose the bombast. When you use the DB API
correctly and parameterise your queries you still need to quote wildcards in
search arguments, but you absolutely shouldn't quote the other SQL specials.
That's what parameterised queries are for in the first place, and they have
a portability advantage among other reasons why you should use them
(another's potential efficiency).

regards
 Steve
-- 
Steve Holden       +44 150 684 7255  +1 800 494 3119
Holden Web LLC/Ltd          http://www.holdenweb.com
Skype: holdenweb       http://holdenweb.blogspot.com
Recent Ramblings     http://del.icio.us/steve.holden
-- 
http://mail.python.org/mailman/listinfo/python-list
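
An added example, not part of the original thread: a parameterised LIKE search in which only the wildcards are escaped and quoting of other SQL specials is left to the driver. It assumes Python's sqlite3 module (qmark paramstyle) so that it runs offline; the table, the sample rows and the helper names escape_like, search_naive and search_literal are constructed for illustration.

```python
import sqlite3

LIKE_ESCAPE = "\\"  # escape character named in the ESCAPE clause below

def escape_like(term, esc=LIKE_ESCAPE):
    """Make %, _ and the escape character itself match literally in LIKE."""
    # Escape the escape character first so later insertions are not doubled.
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def build_demo_db():
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (name TEXT)")
    conn.executemany(
        "INSERT INTO items VALUES (?)",
        [("100% wool",), ("100 percent",), ("O'Brien",), ("a_b",), ("axb",)])
    return conn

def search_naive(conn, fragment):
    # Parameterised, so quotes are safe, but % and _ in fragment act as wildcards.
    cur = conn.execute(
        "SELECT name FROM items WHERE name LIKE ? ORDER BY name",
        ("%" + fragment + "%",))
    return [row[0] for row in cur]

def search_literal(conn, fragment):
    # Only the wildcards are escaped; the driver binds the value, so the
    # fragment is never passed through SQL string quoting.
    cur = conn.execute(
        "SELECT name FROM items WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        ("%" + escape_like(fragment) + "%",))
    return [row[0] for row in cur]

if __name__ == "__main__":
    db = build_demo_db()
    for frag in ("%", "a_b", "O'B"):
        print(repr(frag), search_naive(db, frag), search_literal(db, frag))
```

Other DB API drivers use a different paramstyle (for example %s), and the ESCAPE clause syntax should be checked against the target database.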