Ivar Zarans <iff@alcaron.ee> writes:
> > qry = "UPDATE table1 SET status = %s WHERE recid = '%s'"
> > cursor.execute(qry, status, recid)
>
> Yes, this helps. But then it sort of obsoletes PyPgSQL-s own quoting
> logic. I would prefer to take care of this all by myself or trust some
> underlying code to do this for me. And PyPgSQL is quite nice - it
> checks datatype and acts accordingly.
You should tell the PyPgSQL folk to use the new binary protocol for parameters
so that there are no quoting issues at all.
But if it's going to interpolate strings into the query then pyPgSQL really
ought to be doing '%s' as above even for numbers. This lets postgres decide
what the optimal datatype is based on what you're comparing it to. Skipping
the quotes will only cause headaches.
--
greg