>
> db=MySQLdb.connect(host = 'localhost', db = 'phone')
> cursor=db.cursor()
> cursor.execute("Select * from phone where name = name order by name")
You don't parametrize the query. The where-clause thus is a tautology,
as the name is always the name.
Do something like this:
cursor.execute("Select * from phone where name = ? order by name", (name,))
Actually it might be necessary to use something different from the ? to
specify the parameter - that depends on the paramstyle of your DB-Api.
Check that in the interpreter with
import MySQLdb
print mySQLdb.paramstyle
Diez
--
http://mail.python.org/mailman/listinfo/python-list
