python - How to properly escape %s in sql query -
i have following sql:
sql = '''select distinct artwork_apple_url main_catalog (artwork_url null or artwork_url not '%s3-%') union select distinct artwork_apple_url main_collectioninstance (artwork_url null or artwork_url not '%s3-%') ''' cursor.execute(sql) this gives me formatting error -- how like %s3-%' in sql (s3 part of amazon url).
if use parametrized sql, quoting of arguments done db adapter you. it's easier , helps prevent sql injection. note appropriate placemarker (e.g. %s) depends on db adapter using. %s appropriate mysqldb, ? placemarker symbol used oursql, example.
sql = '''select distinct artwork_apple_url main_catalog (artwork_url null or artwork_url not %s) union select distinct artwork_apple_url main_collectioninstance (artwork_url null or artwork_url not %s) ''' cursor.execute(sql, ['%s3-%']*2) 
Comments
Post a Comment