In article <mailman.717.1243258005.8015.python-l...@python.org>,
Tim Chase <python.l...@tim.thechases.com> wrote:
>
>To stave off this problem, I often use:
>
>   values = [
>     data['a'],
>     data['b'],
>     data['c'],
>     data['d'],
>     data['e'],
>     data['f'],
>     data['g'],
>     ]
>   params = ', '.join('%s' for _ in values)
>   query = """
>     BEGIN;
>       INSERT INTO table
>         (a,b,c,d,e,f,g)
>       VALUES (%s);
>     COMMIT;
>     """ % params
>   self.db.execute(query, values)

How do you handle correct SQL escaping?
--
Aahz (a...@pythoncraft.com)           <*>         http://www.pythoncraft.com/

my-python-code-runs-5x-faster-this-month-thanks-to-dumping-$2K-on-a-new-machine-ly y'rs - tim
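
An added example, not part of either poster's message: in the quoted pattern only the placeholders are formatted into the query text, while the values go to execute() separately and are bound by the driver, so no manual escaping is involved. The sketch uses the standard-library sqlite3 module, whose placeholder is `?` rather than `%s`; the table `t`, the column allowlist and the helper `insert_row` are assumptions made for illustration.

```python
import sqlite3

# Assumption: the columns the application is allowed to write to.
# Identifiers cannot be bound as parameters, so they are checked
# against this allowlist instead of being escaped.
ALLOWED_COLUMNS = ("a", "b", "c")


def insert_row(conn, data):
    """Insert one row, binding every value through the driver."""
    unknown = set(data) - set(ALLOWED_COLUMNS)
    if unknown:
        raise ValueError("unexpected column(s): %s" % sorted(unknown))
    columns = [c for c in ALLOWED_COLUMNS if c in data]
    if not columns:
        raise ValueError("no columns to insert")
    values = [data[c] for c in columns]
    # One placeholder per value; sqlite3 uses "?" (qmark paramstyle),
    # drivers such as psycopg2 or MySQLdb use "%s" as in the quoted post.
    placeholders = ", ".join("?" for _ in values)
    query = "INSERT INTO t (%s) VALUES (%s)" % (", ".join(columns), placeholders)
    with conn:  # commits on success, rolls back on an exception
        conn.execute(query, values)
    return query


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t (a TEXT, b TEXT, c TEXT)")
    # Constructed sample input containing quote characters and SQL syntax.
    hostile = "x'); DROP TABLE t; --"
    query = insert_row(conn, {"a": hostile, "b": "O'Reilly", "c": None})
    rows = conn.execute("SELECT a, b, c FROM t").fetchall()
    return query, rows


if __name__ == "__main__":
    print(demo())
```

The query text never contains the values, so quote characters in the data are stored verbatim instead of being interpreted as SQL.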