From: Adam B. <ad...@po...> - 2002-03-05 19:02:52
> how should I handle case when I have special chars included
> into value text or character varying.

The library can handle such situations automatically. However, you should allow it to construct final SQL queries itself (don't use Python's % operator). Look at the code below:

    from pyPgSQL import PgSQL

    dbc = PgSQL.connect( ... )
    cur = dbc.cursor()  # cursor gets its own name so the value c below does not overwrite it
    a = "string'with\\quotes'\"' and\r\n\t %stuff%"
    b = None
    c = 123.45
    # Values are passed as separate arguments, not formatted into the SQL text
    cur.execute("insert into tab values (%s, %s, %s);", a, b, c)

What happens here? The first passed value is a string, so all special characters are automatically backslashed and the whole value is enclosed between quotes ('). The second one is None, so it is converted to SQL's null. The third is passed almost as-is, because it's a number.

The best you can do is to look at the source code of the PgSQL module and the DBI 2.0 standard (it's easy to find it on the Python website); the full explanation is right there.

Regards,

--
Adam Buraczewski <ad...@po...> * Linux registered user #165585
GCS/TW d- s-:+>+:- a- C+++(++++) UL++++$ P++ L++++ E++ W+ N++ o? K? w-- O M- V- PS+ !PE Y PGP+ t+ 5 X+ R tv- b+ DI? D G++ e+++>++++ h r+>++ y?
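Added example, not part of the original message: the same three values inserted once through driver-side binding and once through Python's % operator. It assumes the standard-library sqlite3 module with "?" placeholders as a stand-in for pyPgSQL's "%s", so it runs without a PostgreSQL server; the function names are hypothetical.

```python
import sqlite3

# Same three values as in the message above.
TEXT = "string'with\\quotes'\"' and\r\n\t %stuff%"
ROW = (TEXT, None, 123.45)


def new_table():
    """Fresh in-memory database with a three-column table named tab."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table tab (a text, b text, c real)")
    return conn


def insert_bound(conn, row):
    """Values travel as parameters; the SQL text never contains them."""
    conn.execute("insert into tab values (?, ?, ?)", row)
    return conn.execute("select a, b, c from tab").fetchone()


def insert_formatted(conn, row):
    """Anti-pattern: Python's % operator splices raw values into the SQL text."""
    sql = "insert into tab values ('%s', '%s', %s)" % row
    try:
        conn.execute(sql)
    except sqlite3.Error as exc:
        # The unescaped quote ends the literal early and the parser gives up.
        return "rejected: %s" % exc
    return conn.execute("select a, b, c from tab").fetchone()


if __name__ == "__main__":
    # Bound: the string comes back byte for byte and None is stored as NULL.
    print(insert_bound(new_table(), ROW))
    # Formatted: the quotes inside the value break the statement.
    print(insert_formatted(new_table(), ROW))
    # Formatted, harmless text: it runs, but None is stored as the text 'None'.
    print(insert_formatted(new_table(), ("plain", None, 123.45)))
```

Even when the formatted statement happens to parse, the None value is stored as the four-character string 'None' instead of NULL, which is the conversion the driver would otherwise do for you.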