These are the frequently asked questions from the DB-SIG mailing list.

How do I pass parameters to the cursor.execute method?

Don't use the '%' concatenation operator, pass them as a series of extra parameters. For instance

>>> cursor.execute("SELECT * FROM my_table WHERE my_column = '%s'" % "column_value") 

May do what you want, but more by accident than design. If you change it to;

>>> cursor.execute("SELECT * FROM my_table WHERE my_column = %s", "column_value") 

Then the DB-API module will make sure your value is correctly escaped and turned into an object appropriate for the database.

/!\ Drivers differ in the way the parameters are passed to .execute();

Some examples of parameter passing:

/!\ Drivers also differ in the substitution sequence used to denote a parameter. The substitution style can be inspected by reading the paramstyle atribute of the module being used:

>>> print module_name.paramstyle

Some examples of usage for each paramstyle:

See the paramstyle section (under Module Interface) in the DB-API 2.0 specification for more information.

See also: DbApiCheatSheet (under construction)


DbApiFaq (last edited 2010-03-09 04:12:39 by bb14f857)

Unable to edit the page? See the FrontPage for instructions.