Kun <[EMAIL PROTECTED]> writes: [...] > mysqlstatement = "INSERT INTO dir (date, purchasetype, price, comment) > VALUES ('"+ date +"','"+ purchasetype +"','"+ price +"','"+ comment +"' )" [...]
Haven't read your post carefully, but the first thing that jumps out at me is that you should be using SQL parameter interpolation, not Python string formatting. sql = ("INSERT INTO dir (date, purchasetype, price, comment) " "VALUES (%s, %s, %s, %s)") cursor.execute(sql, (date, purchasetype, price, comment)) Google for "SQL injection" to see why this is a nasty security issue, not just a matter of practical coding convenience. John -- http://mail.python.org/mailman/listinfo/python-list