> > cur.execute("INSERT INTO images (image) VALUES (?)", data_obj)
>
>In my case, I'm using psycopg2 for PostgreSQL. I just did a test,
> and it doesn't seem to like the ? syntax. I'll check the
> documentation
> to see if there's a setting to have it use the ? syntax.
It may well be the Python c
On Thu, 2006-09-21 at 08:38 -0600, Mike Hansen wrote:
>
> > -Original Message-
> > From: Alan Gauld [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, September 21, 2006 2:51 AM
> > To: Mike Hansen; tutor@python.org
> > Subje
> -Original Message-
> From: Alan Gauld [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 21, 2006 2:51 AM
> To: Mike Hansen; tutor@python.org
> Subject: Re: [Tutor] Python CGI Script
>
> >sql_statement = "INSERT I
>sql_statement = "INSERT INTO images (image) VALUES (%s)"
>cur.execute(sql_statement, (data_obj, ))
>
>Is it just moving the variable substitution to the execute statement
>as
> a tuple, so it will perform the proper quoting?
Nope, the syntax changes slightly, and I believ
On Wed, 2006-09-20 at 15:46 -0600, Mike Hansen wrote:
>
> > -Original Message-
> > Subject: Re: [Tutor] Python CGI Script
> >
> > >query1 = """SELECT ABC FROM %s limit %s,%s"""\
> > >
> -Original Message-
> Subject: Re: [Tutor] Python CGI Script
>
> >query1 = """SELECT ABC FROM %s limit %s,%s"""\
> > % (self.tableid,self.rangeid1,self.rangeid2)
>
> Just as a note: please don'
>query1 = """SELECT ABC FROM %s limit %s,%s"""\
> % (self.tableid,self.rangeid1,self.rangeid2)
Just as a note: please don't do this! *grin*
Don't build query strings up like this: this is very prone to an SQL
injection attack. See:
http://mail.python.org/pipe
Faran wrote:
> I Have a CGI Script Which is working perfectly when run from the python
> interpreter, i m using the Content-type:
> application/x-www-url-form-encoded , i use it to send data from flash
> apps to python script. i checked the script with content-type: text/html
> , and browsers p
I Have a CGI Script Which is working perfectly when run from the python
interpreter, i m using the Content-type:
application/x-www-url-form-encoded , i use it to send data from flash
apps to python script. i checked the script with content-type: text/html
, and browsers printed the output perfe
