escape single and double quotes

From: Marc BlackJack Rintsch <bj_...@gmx.net>

Thu, 24 Mar 2005 19:25:20 +0100

In <GqB0e.3365$ai7.77869 at news2.e.nsc.no>, Leif B. Kristensen wrote:

> Damjan skrev:> >> You don't need to escape text when using the Python DB-API.>> DB-API will do everything for you.>> For example:>>  SQL = 'INSERT into TEMP data = %s'>>  c.execute(SQL, """ text containing ' and ` and all other stuff we>>  might>>   read from the network""")>> >> You see, the SQL string contains a %s placeholder, but insetad of>> executing the simple string expansion SQL % """....""", I call the>> execute method with the text as a second *parametar*. Everything else>> is magic :).> > Sure, but does this work if you need more than one placeholder?

Yes it works with more than one placeholder.

> FWIW,> here's the whole script. It will fetch data from the table name_parts> and pump them into the "denormalized" table names ( a real SQL guru> would probably do the same thing with one single monster query):> > import psycopg> from re import escape> > connection = psycopg.connect("dbname=slekta", serialize=0)> sql = connection.cursor()> > sql.execute("select * from name_parts")> result = sql.fetchall()> for row in result:>     if row[2] == 1:     # name part = 'prefix'>         query = ("update names set prefix='%s' where name_id=%s" % \ >                    (escape(row[4]), row[1]))>     elif row[2] == 2:     # name part = 'given'>         query = ("update names set given='%s' where name_id=%s" % \>                    (escape(row[4]), row[1]))>     elif row[2] == 3:     # name part = 'surname'>         query = ("update names set surname='%s' where name_id=%s" % \ >                    (escape(row[4]), row[1]))>     elif row[2] == 4:     # name part = 'suffix'>         query = ("update names set suffix='%s' where name_id=%s" % \>                    (escape(row[4]), row[1]))>     elif row[2] == 5:     # name part = 'patronym'>         query = ("update names set patronym='%s' where name_id=%s" % \>                    (escape(row[4]), row[1]))>     elif row[2] == 6:     # name part = 'toponym'>         query = ("update names set toponym='%s' where name_id=%s" % \>                    (escape(row[4]), row[1]))>     sql.execute(query)>     sql.commit()> connection.close()

A lot of redundant code.  Try something like the following instead of the
``elif`` sequence::

name_part = ['prefix', 'given', 'surname', 'suffix', 'patronym', 'toponym']
for row in result:
    query = 'update names set %s=%%s where name_id=%%s' % name_part[row[2]-1]
    sql.execute(query, (row[4], row[1]))
    sql.commit()

Ciao,
	Marc 'BlackJack' Rintsch

Recent Messages in this Thread
escape single and double quotes	Leif B. Kristensen	Mar 24, 2005 02:57 pm
escape single and double quotes	Jiri Barton	Mar 24, 2005 03:06 pm
escape single and double quotes	Damjan	Mar 24, 2005 03:24 pm
escape single and double quotes	Leif B. Kristensen	Mar 24, 2005 03:56 pm
escape single and double quotes	Scott David Daniels	Mar 24, 2005 05:48 pm
escape single and double quotes	Marc BlackJack Rintsch	Mar 24, 2005 06:25 pm
escape single and double quotes	Leif B. Kristensen	Mar 24, 2005 07:16 pm
escape single and double quotes	Kent Johnson	Mar 24, 2005 11:02 pm

◄ Messages in this thread ►

Previous post: Data types

Next post: Suggestions for a Java programmer

Subscribe to the python-list RSS feed

Accounts

List Archives

Feedback & Information

ActiveState

© 2019 ActiveState Software Inc. All rights reserved. ActiveState®, Komodo®, ActiveState Perl Dev Kit®, ActiveState Tcl Dev Kit®, ActivePerl®, ActivePython®, and ActiveTcl® are registered trademarks of ActiveState. All other marks are property of their respective owners.