On Mon, 17 Jun 2013 19:16:02 +0000, Jens Thoms Toerring wrote:

> MRAB <pyt...@mrabarnett.plus.com> wrote:
>> On 17/06/2013 19:32, Jens Thoms Toerring wrote:
>> > As I wrote you need *single* quotes around strings in SQL statements.
>> > Double quotes won't do - this is SQL and not Python so you're dealing
>> > with a different language and thus different rules apply. The
>> > triple single quotes are seen by Python, but SQL needs its own.
>> >
>> The query looks safe to me as he _is_ using a parametrised query.
>
> Perhaps - the OP never told which API (or database) he is using. What
> about some API that simply connects the first argument of execute()
> with the second with just a simple '%' to construct the string for the
> SQL statement? In that case there would be no single quotes around
> strings, or would there?
>
> Regards, Jens

Do you know of any Python DB module that acts this way? If you do, then that module does not conform to the Python DB-API (PEP 249) & should be avoided.

Whilst erring on the side of caution is commendable, Nicos is having enough problems without confusing him further.

--
Today you'll start getting heavy metal radio on your dentures.
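The distinction argued over in this thread, as an added example that is not part of the original messages: a DB-API `execute()` call with bound parameters next to a statement assembled with Python's `%` operator. The thread never names the driver, so the standard-library `sqlite3` module (paramstyle `qmark`, placeholder `?`) stands in as an assumption; the table, rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data, held in memory so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE visitors (name TEXT, hits INTEGER)")
    conn.executemany(
        "INSERT INTO visitors VALUES (?, ?)",
        [("alice", 3), ("O'Brien", 7)],
    )
    return conn


def lookup_bound(conn, name):
    # Parameter binding: the placeholder carries no quotes in the SQL text,
    # and the value travels to the driver separately from the statement.
    cur = conn.execute("SELECT hits FROM visitors WHERE name = ?", (name,))
    return cur.fetchall()


def lookup_interpolated(conn, name, quoted):
    # The hypothetical non-conforming API from the thread: the statement is
    # built with '%' before the database sees it, so quoting is the caller's job.
    template = "SELECT hits FROM visitors WHERE name = %s"
    if quoted:
        template = "SELECT hits FROM visitors WHERE name = '%s'"
    sql = template % name
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # Report the failure class instead of raising, so the cases compare.
        return "error: %s" % type(exc).__name__


if __name__ == "__main__":
    db = make_db()
    print("bound, O'Brien:        ", lookup_bound(db, "O'Brien"))
    print("interpolated, unquoted:", lookup_interpolated(db, "alice", False))
    print("interpolated, quoted:  ", lookup_interpolated(db, "alice", True))
    print("interpolated, O'Brien: ", lookup_interpolated(db, "O'Brien", True))
```

With binding, the apostrophe in `O'Brien` is ordinary data; with interpolation, the unquoted value is parsed as a column name and the hand-quoted value ends the string literal early, which is why a module that worked this way would be both fragile and open to SQL injection.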