Dennis Lee Bieber
2/21/2010 9:10:00 PM
On 13 Jan 100 14:49:36 GMT, ngps@madcap.dyn.ml.org (Ng Pheng Siong)
declaimed the following in gmane.comp.python.general:
> According to Boudewijn Rempt <boud@rempt.xs4all.nl>:
> > >>>> c.execute(r"INSERT INTO items (story) VALUES (%s)" % file )
> >
> > I haven't tried it - but wouldn't
> > ...." % file.read() )
> > work? I mean, are you trying to insert a file object or the contents
> > of the file?
>
> Assuming the original poster is trying to insert the content of the
> file, try:
>
> c.execute('insert into items (story) values ("%s") % file.read())
> ^^^^
> Note this!
>
Is there any particular reason you responded to a message posted 10
YEARS ago?
Besides, the approved method of interacting with MySQLdb would use:
c.execute("insert into items (story) values (%s)",
(file.read(), ) )
which lets the adapter properly escape any dangerous characters in the
data, then wrap it with any needed quotes.
--
Wulfraed Dennis Lee Bieber KD6MOG
wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/