[Python-de] pysqlite3 --- select ... where like ...

Sebastian Wiesner basti.wiesner at gmx.net
Tue Jun 17 20:32:23 UTC 2008


Matthias Huening <mhuening at zedat.fu-berlin.de> at Tuesday 17 June 2008, 
21:53:15
> Hello,
>
> The pysqlite3 documentation (Python 2.5) says:
> > # Never do this -- insecure!
> > symbol = 'IBM'
> > c.execute("... where symbol = '%s'" % symbol)
> >
> > # Do this instead
> > t = (symbol,)
> > c.execute('select * from stocks where symbol=?', t)
>
> Okay. That works most of the time.
> But how do I write something like this, then:
>
> "select * from xxx where aaa like '%%%s%%' or bbb like '%%%s%%'" % (a, b)

values = ['%%%s%%' % v for v in (a, b)]
c.execute("select * from xxx where aaa like ? or bbb like ?", values)


-- 
Freedom is always the freedom of those who think differently.
                                            (Rosa Luxemburg)
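
Added example, not part of the original post: the bound-parameter LIKE query from the reply above, run against an in-memory SQLite table, and extended one step further to escape % and _ in the search terms so they match literally instead of acting as wildcards. The helper names (contains_pattern, search, make_db) and the sample rows are constructed for illustration; the table and column names xxx, aaa and bbb come from the question.

```python
import sqlite3

def contains_pattern(term, escape="\\"):
    """Build a LIKE pattern that matches `term` literally anywhere in a column."""
    # Escape the escape character first, then the LIKE wildcards % and _.
    for ch in (escape, "%", "_"):
        term = term.replace(ch, escape + ch)
    return "%" + term + "%"

def search(conn, a, b, literal=True):
    # literal=False reproduces the pattern building from the reply above.
    build = contains_pattern if literal else (lambda t: "%" + t + "%")
    # The SQL text is constant; both patterns travel as bound parameters.
    sql = ("select aaa, bbb from xxx "
           "where aaa like ? escape '\\' or bbb like ? escape '\\' "
           "order by aaa")
    return conn.execute(sql, (build(a), build(b))).fetchall()

def make_db():
    # Constructed sample data.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table xxx (aaa text, bbb text)")
    conn.executemany("insert into xxx values (?, ?)", [
        ("alpha", "100% wool"),
        ("beta", "100 percent"),
        ("gamma_ray", "x"),
        ("gammaXray", "y"),
    ])
    return conn

if __name__ == "__main__":
    conn = make_db()
    # Wildcards in the input are treated as ordinary characters.
    print(search(conn, "gamma_", "0%"))
    # Without escaping, _ and % in the input widen the match to every row.
    print(search(conn, "gamma_", "0%", literal=False))
    # Quote characters stay data because the value is bound, not interpolated.
    print(search(conn, "' or 1=1 --", "' or 1=1 --"))
```

Binding the pattern keeps the input out of the SQL text; the escape step is a separate concern that only controls how much a search term can match.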