Friday, July 30, 2010

had horrid trouble with Sybase Python interaction with escaping parameters. Problem was evinced by passing string ''' I'm ''' into an update statement with the simple:

'update table set field = %s where id = 1' % (instr)

The trouble with this is the sql string has a quote, and it dies.

Turns out, you have to escape by passing it into the c.execute(sql, paramHash)

code is as follows:

c=db.cursor()
sql = '''update Answer set answerText=@at where answerid=2'''
c.execute(sql, { '@at':'hello'} )
c.rowcount
c.close()


This solves the parameterization. CRUCIAL POINT: HAVE TO USE @VAR NOT JUST VAR.

FYI.

No comments: