On Thu, May 28, 2009 at 11:12 AM, Lawrence D'Oliveiro
<l...@geek-central.gen.new_zealand> wrote:
> In message <784h2cf1kem0...@mid.uni-berlin.de>, Diez B. Roggisch wrote:
>
> > Lawrence D'Oliveiro wrote:
> >
> >> In message <mailman.766.1243354300.8015.python-l...@python.org>, Dennis
> >> Lee Bieber wrote:
> >>
> >>> Notice that db.literal() call? That's part of the mechanism used to
> >>> escape and quote parameters -- it only returns strings that are safe
> for
> >>> insertion into the SQL statement.
> >>
> >> Does it deal with "like"-wildcards?
> >
> > Why shouldn't it?
> >
> > cursor.execute("select * from table where column like %s", "%name%")
>
> What if the string you're searching for includes a "%" or "_" character?
>
> --
> http://mail.python.org/mailman/listinfo/python-list
>
>>> A="0"
>>> B="%"
>>>
>>> print "select * from test_table where a like '%%%s%%' " %A
select * from test_table where a like '%0%'
>>>
>>> print "select * from test_table where a like '%%%s%%' " %B
select * from test_table where a like '%%%'
>>>
HTH
--
http://mail.python.org/mailman/listinfo/python-list
