Hi, I'd like to store chunks of text, some of them may be very large,
in a database, and have them searchable using 'LIKE %something%'
construct. These pieces of text may have single and double quotes in
them, I tried escaping them using re module and string module and
either I did something wrong, or they escape either single quotes or
double quotes, not both of these. So that when I insert that text into
a db record, this causes an error from the database. What's the
accepted way of dealing with this? I have a workaround currently where
I encode the string with b64, and then unencode it when searching for
a string, but that's a dumb way to do this. For my app, searching
quickly is not very crucial, but would be nice to have.. thanks, -ak
5  5264 
On Wed, 2008-03-12 at 18:18 -0700, an********@gmail.com wrote:
These pieces of text may have single and double quotes in
them, I tried escaping them using re module and string module and
either I did something wrong, or they escape either single quotes or
double quotes, not both of these. So that when I insert that text into
a db record, this causes an error from the database. What's the
accepted way of dealing with this?
The accepted way of dealing with this is to use parameter binding:
conn = somedbmodule.connect(...)
cur = conn.cursor()
cur.execute("insert into sometable(textcolumn) values (?)",
(stringvar,) )
(Note that the question mark may have to be replaced with %s depending
on which database module you're using.)
For background information on parameter binding see, for example, http://informixdb.blogspot.com/2007/...in-blanks.html .
HTH,
--
Carsten Haese http://informixdb.sourceforge.net
On Mar 12, 8:32*pm, Carsten Haese <cars...@uniqsys.comwrote:
On Wed, 2008-03-12 at 18:18 -0700, andrei....@gmail.com wrote:
These pieces of text may have single and double quotes in
them, I tried escaping them using re module and string module and
either I did something wrong, or they escape either single quotes or
double quotes, not both of these. So that when I insert that text into
a db record, this causes an error from the database. What's the
accepted way of dealing with this?
The accepted way of dealing with this is to use parameter binding:
conn = somedbmodule.connect(...)
cur = conn.cursor()
cur.execute("insert into sometable(textcolumn) values (?)",
* * * * * * (stringvar,) )
(Note that the question mark may have to be replaced with %s depending
on which database module you're using.)
For background information on parameter binding see, for example,http://informixdb.blogspot.com/2007/...in-blanks.html.
HTH,
--
Carsten Haesehttp://informixdb.sourceforge.net
Thanks for the reply, Carsten, how would this work with UPDATE
command? I get this error:
cmd = "UPDATE items SET content = ? WHERE id=%d" % id
self.cursor.execute(cmd, content)
pysqlite2.dbapi2.ProgrammingError: Incorrect number of bindings
supplied. The c
rrent statement uses 1, and there are 0 supplied.
Sqlite site doesn't give any details on using parameter bindings in
UPDATE command, I'm
going to look around some more.. -ak an********@gmail.com wrote:
how would this work with UPDATE
command? I get this error:
cmd = "UPDATE items SET content = ? WHERE id=%d" % id
self.cursor.execute(cmd, content)
pysqlite2.dbapi2.ProgrammingError: Incorrect number of bindings
supplied. The c
rrent statement uses 1, and there are 0 supplied.
The error message implies that 'content' is an empty sequence.
Even when the SQL takes exactly one parameter, the second
argument is a sequence containing the parameter. You can use
a one-element list, written [someparam], or a one-tuple
(someparam,).
Sqlite site doesn't give any details on using parameter bindings in
UPDATE command, I'm
going to look around some more..
To make effective use of Python's Sqlite3 module, I need three
references: the Python DB API v2 spec, the Sqlite3 module's doc,
and the Sqlite database doc. http://www.python.org/dev/peps/pep-0249/ http://docs.python.org/lib/module-sqlite3.html http://www.sqlite.org/docs.html
With all three, parameter binding is still under-specified, but
only a little.
Those new to the relational model and to SQL will need sources
on those as well. On the model, I think the foundational paper
has held up well over the decades:
Codd, E.F. "A Relational Model of Data for Large Shared
Data Banks". /Communications of the ACM/ Volume 13 number
6, June 1970; pages 377–387.
It is currently available on line at: http://www.seas.upenn.edu/~zives/03f/cis550/codd.pdf
Anyone have a particularly good and easily accessible
source to recommend on SQL?
--
--Bryan
--
Carsten
Haesehttp://informixdb.sourceforge.net
Thanks for the reply, Carsten, how would
this work with UPDATE command? I get this
error:
cmd = "UPDATE items SET content =
? WHERE id=%d" % id
try this;
("update items set contents = (?) where id
=(?)", [ x, y] )
put your data in a list
or
("update items set contents = (?) where id
=%d ", [ x] )
below statement "uses 1" refers to the one
(?) , 0 supplied, means no list or none in
list.
jim-on-linux http://www.inqvista.com
>
self.cursor.execute(cmd, content)
pysqlite2.dbapi2.ProgrammingError:
Incorrect number of bindings supplied. The
c
rrent statement uses 1, and there are 0
supplied.
Sqlite site doesn't give any details on
using parameter bindings in UPDATE
command, I'm
going to look around some more.. -ak
On Mar 14, 1:36*am, Dennis Lee Bieber <wlfr...@ix.netcom.comwrote:
On Thu, 13 Mar 2008 19:55:27 -0700 (PDT), andrei....@gmail.com declaimed
the following in comp.lang.python:
Thanks for the reply, Carsten, how would this work with UPDATE
command? I get this error:
* * * * cmd = "UPDATE items SET content = ? WHERE id=%d" %id
* * * * * * * * cmd = "update items set content = ? where id = ?"
* * self.cursor.execute(cmd, content)
* * * * * * * * self.cursor.execute(cmd, (content, id))
would be the preferred method...
Thanks very much - this works perfectly -ak
>
--
* * * * Wulfraed * * * *Dennis Lee Bieber * * * * * * * KD6MOG
* * * * wlfr...@ix.netcom.com * * * * * * * wulfr...@bestiaria.com
* * * * * * * * HTTP://wlfraed.home.netcom.com/
* * * * (Bestiaria Support Staff: * * * * * * * web-a...@bestiaria.com)
* * * * * * * * HTTP://www.bestiaria.com/ This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: kinde |
last post by:
hi
here is a problem:
i have a databes with many, many tables
the problem is that i dont know where 'abcd' string is (but it is for sure
in one of that table)
is there any SELECT that could help...
|
by: Alex Smith |
last post by:
Hi Friends
I want to make common connection string for database. I can not use Web
config file, so please give idea excluding web.config file.
Thanks.
Alex
|
by: Timothy Wang |
last post by:
Hi everyone :
Is there anybody know how to use a string store in a variable as command ?
Like :
str1='test...'
str2='...test'
str3='left(str1, 5) & Right((str2,3 ) '
How do we get...
|
by: Steve |
last post by:
I am new to ASP security. I want to know what is the best way to store
database password in ASP application? Or if there are any places to
store in IIS? I tried to store the password in VB DLL...
|
by: Merk |
last post by:
I'm looking for a safe and maintainable way to store connection string info
(connecting to SQL Server 2005 from .NET 2.0 Windows Forms client app);
things like server name or IP address and...
|
by: qilin |
last post by:
I am trying to save a big text string into MySQL, but I guess i need
escape the string firstly, anybody knows any escape function in c for
that? or any other suggests ?
|
by: jelle79 |
last post by:
Hi all,
I'm storing all kind of data stored in objects. Now I want to query my
data-source. And I thought LINQ is the right thing for it.
Data is stored like:
store.Database
Queries like...
|
by: ylj798 |
last post by:
this string from web by the Regular Expression�$B!$�(B
�$B!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]!]�(B
href="#" onClick="ConvertURL2FG('Flashget://...
|
by: tanishka singh |
last post by:
How do you convert string from database into date in asp.net?
Dim output = (From tlb In obj.SelectRecordAll_SalesInquiryRegister _
Join tlb1 In LatestPOs On tlb.SIR_OfferNo...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
| |
