MRAB <pyt...@mrabarnett.plus.com> wrote:
> On 17/06/2013 19:32, Jens Thoms Toerring wrote:
> > As I wrote you need *single* quotes around strings in
> > SQL statements. Double quotes won't do - this is SQL
> > and not Python so you're dealing with a different
> > language and thus different rules apply. The triple single
> > quotes are seen by Python, but SQL needs its own.
> >
> The query looks safe to me as he _is_ using a parametrised query.

Perhaps - the OP never told which API (or database) he is
using. What about some API that simply connects the first
argument of execute() with the second with just a simple
'%' to construct the string for the SQL statement? In that
case there would be no single quotes around strings, or
would there?

Regards, Jens
--
  \   Jens Thoms Toerring  ___      j...@toerring.de
   \__________________________      http://toerring.de
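
Added example, not part of the thread: the quoting question above, run against Python's standard `sqlite3` module (an assumption, since the original poster's database and API are never named). `naive_execute` is a hypothetical stand-in for an API that builds the statement with a plain `%`; `bound_execute` passes the value as a bound parameter.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visitors (name TEXT, hits INTEGER)")
    db.executemany("INSERT INTO visitors VALUES (?, ?)",
                   [("alice", 3), ("O'Brien", 7)])
    return db

def naive_execute(db, sql, args):
    """Hypothetical API: glue the arguments into the SQL text with '%'."""
    return db.execute(sql % args).fetchall()

def bound_execute(db, sql, args):
    """Parameter binding: the value never becomes part of the SQL text."""
    return db.execute(sql, args).fetchall()

def attempt(func, db, sql, args):
    # Return the rows, or the name of the database error that was raised.
    try:
        return func(db, sql, args)
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__

def demo():
    db = make_db()
    return {
        # No quotes in the SQL: 'alice' arrives as a bare identifier.
        "naive_unquoted": attempt(
            naive_execute, db,
            "SELECT hits FROM visitors WHERE name = %s", ("alice",)),
        # Hand-written single quotes work for a plain value ...
        "naive_quoted": attempt(
            naive_execute, db,
            "SELECT hits FROM visitors WHERE name = '%s'", ("alice",)),
        # ... but a value containing a quote ends the literal early.
        "naive_quoted_apostrophe": attempt(
            naive_execute, db,
            "SELECT hits FROM visitors WHERE name = '%s'", ("O'Brien",)),
        # Bound parameter: no quotes written by hand, any value is fine.
        "bound": attempt(
            bound_execute, db,
            "SELECT hits FROM visitors WHERE name = ?", ("O'Brien",)),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:26} {result}")
```

DB-API drivers whose placeholder is `%s`, such as psycopg2, look similar to the naive case but quote and escape the values themselves when they are passed as the second argument of `execute()`, so no single quotes belong around the placeholder there.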