William Gill wrote:
> I have been trying to pass parameters as indicated in the api.
> when I use:
> sql= 'select * from %s where cusid = %s ' % name,recID)
> Cursor.execute(sql)
> it works fine, but when I try :
> sql= 'select * from %s where cusid like %s '
> Cursor.execute(sql,(name,recID))
> or
> sql= 'select * from ? where cusid like ? '
> Cursor.execute(sql,(name,recID))
> it fails.
> Can someone help me with the semantics of using parameterized queries?
Neither column names nor table names can be parameters to
fixed SQL. Values are what you fiddle with. This squares with
the DBMS being allowed to plan the query before looking at the
parameters (deciding which indices to use, which tables to join
first, ...), then reusing the plan for identical queries with
different values. MySQL may not take advantage of this two-step
approach, but the DB interface is designed to allow it, so
the parameterization is constrained.
See if something like this works:
sql = 'select * from %s where cusid like ? ' % name
Cursor.execute(sql, (recID,))
--Scott David Daniels
[EMAIL PROTECTED]
--
http://mail.python.org/mailman/listinfo/python-list
