string class variable to sqlite3

Marko Rauhamaa marko at pacujo.net
Sun Oct 18 11:31:15 EDT 2015

• Previous message (by thread): string class variable to sqlite3
• Next message (by thread): string class variable to sqlite3
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

andybrookestar at googlemail.com:
> cursor = self.conn.execute("SELECT * from wiki WHERE one LIKE '%s' "%
> self.myString1)

That's really dangerous. See:
 <URL: http://stackoverflow.com/questions/309945/how-to-quote-a-strin
 g-value-explicitly-python-db-api-psycopg2>
Now, I don't know if there are any better stdlib ways to quote SQL
strings properly.
Marko

---

• Previous message (by thread): string class variable to sqlite3
• Next message (by thread): string class variable to sqlite3
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-list mailing list