[mod_python] Problem with html quoted/unquoted

Wouter van Marle wouter at squirrel-systems.com
Tue May 23 10:50:48 EDT 2006 

Joshua, Jim,

Thanks for the replies - I think I understand it now. I completely
overlooked the , vs % in the string replacement! When testing it on my
debian box I copy-pasted the example in, while later I typed it in by
hand. And then used the % which I didn't notice was "replaced" by a
comma...
That'll make a big difference.

Wouter.


On Tue, 2006-05-23 at 08:27 -0400, Joshua Ginsberg wrote:
> This will work:
> 
> c.execute('select foo from bar where baz = %s', (s,))
> 
> You are passing two arguments to execute() -- the first being a string 
> representing SQL and the second being a tuple of values to be 
> substituted in. The execute() method is smart enough to quote where 
> necessary.
> 
> This will not work:
> 
> c.execute('select foo from bar where baz = %s' % (s,))
> 
> You are passing a single argument to execute() -- a string that does 
> Python string formatting. The execute() method does not have a chance 
> to be smart enough to quote where necessary.
> 
> In your "quick test on your system" you refer to below, you use the 
> first method. In your "I just tried again" you use the second method, 
> which is why it fails.
> 
> -jag
> 
> On May 23, 2006, at 2:22 AM, Wouter van Marle wrote:
> 
> > On Tue, 2006-05-23 at 01:49 -0400, Joshua Ginsberg wrote:
> >> Wouter --
> >>
> >> You used % to do string substitution on the first argument to 
> >> execute()
> >> as opposed to passing a tuple as a second argument to execute().
> >
> > I don't get your meaning.
> > Can you please give me the lines of code as example? Thanks!
> >
> > Wouter.
> >
> >>
> >> -jag
> >>
> >> On May 22, 2006, at 11:50 PM, Wouter van Marle wrote:
> >>
> >>> On Tue, 2006-05-23 at 11:18 +0800, Wouter van Marle wrote:
> >>>> On Wed, 2006-05-17 at 18:09 -0400, Jim Gallacher wrote:
> >>>>>>> cur.execute("SELECT * FROM base WHERE field = %s", s)
> >>>>>>
> >>>>>> I have tried this (once) with MySQLdb, and it doesn't seem to work
> >>>>> like
> >>>>>> that. (v1.2.1g2) Didn't pursue the issue further.
> >>>>>
> >>>>> You must be doing something wrong. A quick test on my system:
> >>>>>
> >>>>>>>> s = """This is 'some' stuff with "quotes" and stuff"""
> >>>>>>>> cursor.execute('insert into testtable (data) values (%s)', s)
> >>>>> 1L
> >>>>
> >>>> Just tried it for myself - it works now.
> >>>
> >>> RRrrrriiiiigggghhhttt.... that said.... I just tried again... and now
> >>> have a fail. Now I also remember why I didn't use that method yet :)
> >>>
> >>> - Debian Sarge, MySQLdb 1.2.1g2: works fine.
> >>> - Mandriva Linux LE2005 (v10.2), MySQLdb 1.2.1g3: gives SQL error on
> >>> this one.
> >>>
> >>>>>> cursor.execute("INSERT INTO testtable (field1) VALUES ('This is a
> >>> string!');")
> >>> 1L
> >>>>>> cursor.execute("INSERT INTO testtable (field1) VALUES (%s);"% s)
> >>>
> >>> Traceback (most recent call last):
> >>>   File "<pyshell#15>", line 1, in -toplevel-
> >>>     cursor.execute("INSERT INTO testtable (field1) VALUES (%s);"% s)
> >>>   File "/usr/lib/python2.4/site-packages/MySQLdb/cursors.py", line 
> >>> 137,
> >>> in execute
> >>>     self.errorhandler(self, exc, value)
> >>>   File "/usr/lib/python2.4/site-packages/MySQLdb/connections.py", 
> >>> line
> >>> 33, in defaulterrorhandler
> >>>     raise errorclass, errorvalue
> >>> ProgrammingError: (1064, 'You have an error in your SQL syntax; check
> >>> the manual that corresponds to your MySQL server version for the 
> >>> right
> >>> syntax to use near \'\'some\' stuff with "quotes" and stuff)\' at 
> >>> line
> >>> 1')
> >>>
> >>> - Mandriva Linux 2006.0, MySQLdb 1.2.0final: works fine.
> >>>
> >>> So there is a serious bug in MySQLdb as well; seems to be the 1.2.1g3
> >>> version.
> >>>
> >>> Wouter.
> >>>
> >>>> Maybe I had an older version of MySQLdb when testing? I don't know
> >>>> anymore. I'll follow your advice and fix my code!
> >>>>
> >>>> And after that the info in the databases... that's going to be a
> >>>> harder
> >>>> job.
> >>>>
> >>>> Wouter.
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> Mod_python mailing list
> >>>> Mod_python at modpython.org
> >>>> http://mailman.modpython.org/mailman/listinfo/mod_python
> >>>>
> >>>>
> >>>
> >>> _______________________________________________
> >>> Mod_python mailing list
> >>> Mod_python at modpython.org
> >>> http://mailman.modpython.org/mailman/listinfo/mod_python
> >>
> >>
> >
> 
>

More information about the Mod_python mailing list