Well, I'm an idiot. Obviously, the line "VALUES (%s, %s, %s);" needs
to be modified to adapt for the number of arguments in the list. But
otherwise....
On Sat, Apr 11, 2009 at 11:28 AM, Mike H <cmh.pyt...@gmail.com> wrote:
> Ok, thanks again to everyone for their suggestions, even if it appears
> I was going down the wrong path at the start. I'm a grad student
> creating this database to hold some of my own research on an isolated
> server, so security, etc. isn't my biggest concern -- but I would like
> to do this right. Here's the code that I've come up with now. Although
> it's gotten away from the original question, those that have commented
> on this seem to have some SQL knowledge, so I'd like to run it by them
> to see if this is better in theory. (I've tried it and it works in
> practice!)
>
> FYI, I'm using MySQLdb to connect with the Database.
>
> Also, I realize I should probably add in some try/catch statements and
> other error handling... but this is what I have at the moment.
>
>
>
> def insert_cmd(myTable, myFields, myValues, myReturnKey):
> """Imports given fields and values into a given table, returns an
> SQL variable holding the Autoincrement key"""
>
> #tests to see if myParentKey is valid in mySQL.
> if not myReturnKey.startswith("@"): print "Error, myReturnKey must
> start with '@'"; sys.exit()
>
> SQLcmd="INSERT INTO " + myTable + " (%s) " % ", ".join(myFields)
> SQLcmd=SQLcmd + "VALUES (%s,%s,%s);"
> cursor.execute(SQLcmd, (myValues))
>
> #sets and returns SQL variable.
> SQLcmd="select " + myReturnKey + ":=last_insert_id();"
> cursor.execute(SQLcmd)
> return myReturnKey
>
>
> On Sat, Apr 11, 2009 at 7:38 AM, Diez B. Roggisch <de...@nospam.web.de> wrote:
>> Mike H schrieb:
>>>
>>> Thanks to all of you.
>>>
>>> FYI, I'm doing this because I'm working on creating some insert
>>> statements in SQL, where string values need to be quoted, and integer
>>> values need to be unquoted.
>>>
>>> I wanted to be sure that I could pass these values to the list in a
>>> normal way e.g. ['test', 1, 'two'] and have a function correct the
>>> list for me, rather than calling the function with a strangely quoted
>>> list e.g. ['"'test'"', 1, '"'two'"'].>
>>
>> Don't do that yourself. This is error-prone. Instead, use the parametrized
>> verison of the cursor.execute-method. It will perform the necessary
>> escaping, and depending on the database and database adapter you use better
>> performance.
>>
>> Diez
>> --
>> http://mail.python.org/mailman/listinfo/python-list
>>
>
--
http://mail.python.org/mailman/listinfo/python-list
