johnf wrote:
> On Friday 11 January 2008 11:45:36 am you wrote:
> Let's start over!
Thank you.
> import psycopg2
>
> conn = psycopg2.connect("host='192.168.1.201' dbname='aName' user ='UserName'
> password ='**'")
> tempCursor= conn.cursor()
> custnum = 'ABC123'
> mysql ="Select ccustno fro
johnf wrote:
> On Friday 11 January 2008 11:19:43 am you wrote:
>> Can you post a small, complete program containing both the working and
>> non-working variants and show the complete output of the program?
Jeez, you might want to try to get this to work with something simple!
This is still not
On Friday 11 January 2008 11:19:43 am you wrote:
> johnf wrote:
> > I spoke too soon. Where can I find the DB-API for postgres? Because the
> > only way I can get this to work is using ('%s') and it does not work with
> > (%s).
>
> What module are you using to connect to postgres? That module shou
johnf wrote:
> I spoke too soon. Where can I find the DB-API for postgres? Because the only
> way I can get this to work is using ('%s') and it does not work with (%s).
What module are you using to connect to postgres? That module should
implement DB-API as documented here:
http://www.python.or
On Friday 11 January 2008 10:20:13 am Alan Gauld wrote:
> "johnf" <[EMAIL PROTECTED]> wrote
>
> > and should be doing
> > tempCursor.execute ( "Select pg_get_serial_sequence ( %s, %s ) as
> > seq", ( 'public.arcust', 'pkid' ) )
> >
> > which prevented SQL injection.
>
> The syntax of the execute st
On Friday 11 January 2008 09:14:25 am Simone wrote:
> johnf wrote:
> > But the above does not work when I use variables instead of strings as in
> >
> > tempCursor.execute ( "Select pg_get_serial_sequence ( %s, %s ) as
> > seq", ( tableName, fieldName ) )
> >
> > So how am I supposed to prevent
On Friday 11 January 2008 10:20:13 am Alan Gauld wrote:
> "johnf" <[EMAIL PROTECTED]> wrote
>
> > and should be doing
> > tempCursor.execute ( "Select pg_get_serial_sequence ( %s, %s ) as
> > seq", ( 'public.arcust', 'pkid' ) )
> >
> > which prevented SQL injection.
>
> The syntax of the execute st
"johnf" <[EMAIL PROTECTED]> wrote
> and should be doing
> tempCursor.execute ( "Select pg_get_serial_sequence ( %s, %s ) as
> seq", ( 'public.arcust', 'pkid' ) )
>
> which prevented SQL injection.
The syntax of the execute statement varies by database.
Which DB are you using? For example SQLit
johnf wrote:
> But the above does not work when I use variables instead of strings as in
>
> tempCursor.execute ( "Select pg_get_serial_sequence ( %s, %s ) as
> seq", ( tableName, fieldName ) )
>
> So how am I supposed to prevent SQL injections?
Try to use '?' instead of %s, like this
johnf wrote:
> Hi,
> I was recently told I was doing something wrong with my python sql statements.
> I was doing
> tempCursor.execute("Select pg_get_serial_sequence('%s','%s') as seq
> " % ('public.arcust','pkid'))
>
> and should be doing
> tempCursor.execute ( "Select pg_get_serial_sequence (
Hi,
I was recently told I was doing something wrong with my python sql statements.
I was doing
tempCursor.execute("Select pg_get_serial_sequence('%s','%s') as seq
" % ('public.arcust','pkid'))
and should be doing
tempCursor.execute ( "Select pg_get_serial_sequence ( %s, %s ) as
seq", ( 'publi
11 matches