>> Line 68:
>> query = cursor.execute("""INSERT INTO ConfMain (ConfName, ConfHost,
>> ConfStart, ConfEnd, ConfDays, ConfStartTime, ConfEndTime, ConfSize)
>> VALUES (\'%s\', \'%s\', \'%%\', \'%%\', %i, \'%%\', \'%%\', %i);""" %
>> (conf_name, host_name, start_day, end_day, int(num_days), start_time,
>> end_time, aud_size))
>
> Does psycopg not handle quoting for you? Almost all database interfaces
> nowadays support something like:
> result = myquery.execute('INSERT INTO foo (anInt,aDate,aText) VALUES
> (?,?,?)', query_parameters);
> The interface deals with quoting the "?" based on the type definitions
> in the database.
You do not have to quote the query in psycopg... Psycopg does it for you.
See the bottom of this for an example using a dictionary:
http://www.devx.com/opensource/Article/29071/0/page/3
Joshua D. Drake
>
> Trying to quote things yourself is tricky. You'll need to handle
> single-quotes in a string yourself - easy to get it wrong.
--
=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive PostgreSQL solutions since 1997
http://www.commandprompt.com/
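
An added example, not part of the original thread: the hand-quoted INSERT pattern from the quoted code next to a parameterized one, run against a value containing an apostrophe. The standard-library sqlite3 module stands in for psycopg so it runs without a server (an assumption of this example); the schema and the row values are constructed.

```python
import sqlite3

# Constructed schema mirroring the columns of the quoted INSERT.
SCHEMA = """CREATE TABLE ConfMain (
    ConfName TEXT, ConfHost TEXT, ConfStart TEXT, ConfEnd TEXT,
    ConfDays INTEGER, ConfStartTime TEXT, ConfEndTime TEXT, ConfSize INTEGER)"""

# Constructed sample row; the apostrophe in the name is the interesting part.
ROW = ("Women's Health Forum", "jsmith", "2006-01-10", "2006-01-12",
       3, "09:00", "17:00", 150)

def insert_hand_quoted(cur, row):
    """Values pasted into the SQL text with the % operator (the quoted pattern)."""
    sql = ("INSERT INTO ConfMain VALUES "
           "('%s', '%s', '%s', '%s', %i, '%s', '%s', %i)" % row)
    cur.execute(sql)

def insert_parameterized(cur, row):
    """SQL text and values are passed separately; the driver binds the values."""
    # sqlite3 uses ? placeholders. With psycopg the placeholders are %s or
    # %(name)s, and the values go in as the second argument to execute(),
    # never through the % operator.
    cur.execute("INSERT INTO ConfMain VALUES (?, ?, ?, ?, ?, ?, ?, ?)", row)

def demo():
    """Run both inserts; return the outcome of each and the stored names."""
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute(SCHEMA)
    results = {}
    for label, fn in (("hand_quoted", insert_hand_quoted),
                      ("parameterized", insert_parameterized)):
        try:
            fn(cur, ROW)
            results[label] = "ok"
        except sqlite3.Error as exc:
            # The apostrophe ends the string literal early, so the
            # statement no longer parses.
            results[label] = "error: " + exc.__class__.__name__
    stored = [r[0] for r in cur.execute("SELECT ConfName FROM ConfMain")]
    conn.close()
    return results, stored

if __name__ == "__main__":
    print(demo())
```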