[SQLObject] Recommended method for string replacement.
SQLObject is a Python ORM.
Brought to you by:
ianbicking,
phd
From: Jorge G. <go...@ie...> - 2005-10-13 23:02:45
|
Hi! What is the recommended way to pass strings to be replaced by SQLObject? For exemplo: segmento = Segmento.select("descricao ILIKE ('toxicologia')") could become: segmento = Segmento.select("descricao ILIKE (%s)" % 'toxicologia') or: segmento = Segmento.select("descricao ILIKE (%s)" % ('toxicologia')) I'm trying to avoid having to check the string to prevent some kind of SQL injection... But none of the above work, my RDBMS receives an unquoted string and then bails out with an error. -- Jorge Godoy <go...@ie...> |