SQL Variable Substitution Question
Paul Boddie
paulb at infercor.no
Thu Jun 8 06:29:14 EDT 2000
More information about the Python-list mailing list
Thu Jun 8 06:29:14 EDT 2000
- Previous message (by thread): SQL Variable Substitution Question
- Next message (by thread): SQL Variable Substitution Question
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Tim Roberts wrote: > > liang at cad.gatech.edu (Shengquan Liang) wrote: > > > >say i have yyyy = 1000 > > > >in the documentation of DC Oracle, it says that > >i shoul d use 'select * from attt' > > 'where bbbb = :yyyy' > > > >to make it work. > > No, SQL doesn't have any idea what your Python variables are. To use the > ":" feature, you have to have set an _SQL_ variable called "yyyy". How you > do that varies with the backend. Guessing, with the help of the DB-API specification, I would try: cursor.execute('select * from attt where bbbb = :yyyy', {"yyyy" : yyyy}) Or: cursor.execute('select * from attt where bbbb = :yyyy', yyyy=yyyy) See the specification at: http://www.python.org/topics/database/DatabaseAPI-2.0.html > In your case, it's probably easier to build the complete string in Python > and pass that to the database: > > 'select * from attt where bbbb = %d' % yyyy I would advise against this, and given the numerous recent occasions when such advice has been given on comp.lang.python, I rather suspect that most Python database application writers who make their opinions known either don't know about bind variables or don't trust them. As for being easier, take a look at this suggestion: Scott Barron wrote: > > Perhaps you are looking for something like this: > > query_string = "SELECT AAA FROM BBB WHERE cc = %s" > > then you could do: > > query_function (query_string % `pp`) # if pp is an integer type > > or > query_function (query_string % pp) # if pp is a string type > > or change %s to %d or whatever, depending on what pp is. Will the second case actually work? I don't see the % operator adding ' characters to make the query string correct, or dealing appropriately with ' characters inside any string literal. It seems easier to use bind variables, in my opinion. Tim Roberts wrote: > > liang at cad.gatech.edu (Shengquan Liang) wrote: > > > >BUT, when i tried it this way, the > >iDC oracle reponded by: > > > > oci.err:(1008,'ORA-1008: not all variables bound\012') > > > >what's the problem with that? > > You haven't bound the SQL variable yyyy to any value. As I said, the > method for doing that varies with the backend. Indeed. If the above methods don't work, try using numeric variable names: cursor.execute('select * from attt where bbbb = :1', (yyyy,)) cursor.execute('select * from attt where bbbb = :1 and cccc = :2', (yyyy, zzzz)) This definitely worked in previous Oracle modules. Note that a tuple must be supplied as the second argument. Paul
- Previous message (by thread): SQL Variable Substitution Question
- Next message (by thread): SQL Variable Substitution Question
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list