Ok, thanks again to everyone for their suggestions, even if it appears
I was going down the wrong path at the start. I'm a grad student
creating this database to hold some of my own research on an isolated
server, so security, etc. isn't my biggest concern -- but I would like
to do this right. Here's the code that I've come up with now. Although
it's gotten away from the original question, those that have commented
on this seem to have some SQL knowledge, so I'd like to run it by them
to see if this is better in theory. (I've tried it and it works in
practice!)
FYI, I'm using MySQLdb to connect with the Database.
Also, I realize I should probably add in some try/catch statements and
other error handling... but this is what I have at the moment.
def insert_cmd(myTable, myFields, myValues, myReturnKey):
"""Imports given fields and values into a given table, returns an
SQL variable holding the Autoincrement key"""
#tests to see if myParentKey is valid in mySQL.
if not myReturnKey.startswith("@"): print "Error, myReturnKey must
start with '@'"; sys.exit()
SQLcmd="INSERT INTO " + myTable + " (%s) " % ", ".join(myFields)
SQLcmd=SQLcmd + "VALUES (%s,%s,%s);"
cursor.execute(SQLcmd, (myValues))
#sets and returns SQL variable.
SQLcmd="select " + myReturnKey + ":=last_insert_id();"
cursor.execute(SQLcmd)
return myReturnKey
On Sat, Apr 11, 2009 at 7:38 AM, Diez B. Roggisch <de...@nospam.web.de> wrote:
> Mike H schrieb:
>>
>> Thanks to all of you.
>>
>> FYI, I'm doing this because I'm working on creating some insert
>> statements in SQL, where string values need to be quoted, and integer
>> values need to be unquoted.
>>
>> I wanted to be sure that I could pass these values to the list in a
>> normal way e.g. ['test', 1, 'two'] and have a function correct the
>> list for me, rather than calling the function with a strangely quoted
>> list e.g. ['"'test'"', 1, '"'two'"'].>
>
> Don't do that yourself. This is error-prone. Instead, use the parametrized
> verison of the cursor.execute-method. It will perform the necessary
> escaping, and depending on the database and database adapter you use better
> performance.
>
> Diez
> --
> http://mail.python.org/mailman/listinfo/python-list
>
--
http://mail.python.org/mailman/listinfo/python-list
