escaping % in a string???

  • Amy G

    escaping % in a string???

    I am trying to execute the following MySQL query:

    c.execute("""DELETE FROM pending WHERE userid=%s AND subject LIKE '%%s%'"""
    %(userid, phrase))

    This returns an error saying:
    ValueError: unsupported format character ''' (0x27) at index 63

    I can fix this by setting
    phrase = "%" + phrase + "%"

    and then
    c.execute("""DELETE FROM pending WHERE userid=%s AND subject LIKE '%s'"""
    %(userid, phrase))

    But is there a way to escape the % signs in the first execute statement?

    Thanks in advance for any help.
    Sorry about the easy question.



  • Wolfram Kraus

    #2
    Re: escaping % in a string???

    Heyho!

    Amy G wrote:
    > I am trying to execute the following MySQL query:
    >
    > c.execute("""DELETE FROM pending WHERE userid=%s AND subject LIKE
    > '%%s%'""" %(userid, phrase))

    Use %%
    c.execute("""DELETE FROM pending WHERE userid=%s AND subject LIKE
    '%%%s%%'""" %(userid, phrase))

    > This returns an error saying: ValueError: unsupported format
    > character ''' (0x27) at index 63
    >
    > I can fix this by setting phrase = "%" + phrase + "%"
    >
    > and then c.execute("""DELETE FROM pending WHERE userid=%s AND subject
    > LIKE '%s'""" %(userid, phrase))
    >
    > But is there a way to escape the % signs in the first execute
    > statement?
    >
    > Thanks in advance for any help. Sorry about the easy question.
    >

    Stay Rude!
    Wolfram

    • Amy G

      #3
      Re: escaping % in a string???

      Thanks for the quick response... exactly what I was looking for.


      "Wolfram Kraus" <kraus@hagen-partner.de> wrote in message
      news:c1ms95$mm3$1@ork.noris.net...
      > Heyho!
      >
      > Amy G wrote:
      > > I am trying to execute the following MySQL query:
      > >
      > > c.execute("""DELETE FROM pending WHERE userid=%s AND subject LIKE
      > > '%%s%'""" %(userid, phrase))
      >
      > Use %%
      > c.execute("""DELETE FROM pending WHERE userid=%s AND subject LIKE
      > '%%%s%%'""" %(userid, phrase))
      >
      >
      > > This returns an error saying: ValueError: unsupported format
      > > character ''' (0x27) at index 63
      > >
      > > I can fix this by setting phrase = "%" + phrase + "%"
      > >
      > > and then c.execute("""DELETE FROM pending WHERE userid=%s AND subject
      > > LIKE '%s'""" %(userid, phrase))
      > >
      > > But is there a way to escape the % signs in the first execute
      > > statement?
      > >
      > > Thanks in advance for any help. Sorry about the easy question.
      > >
      >
      > Stay Rude!
      > Wolfram
      >


      • Duncan Booth

        #4
        Re: escaping % in a string???

        Wolfram Kraus <kraus@hagen-partner.de> wrote in
        news:c1ms95$mm3$1@ork.noris.net:

        > Amy G wrote:
        >> I am trying to execute the following MySQL query:
        >>
        >> c.execute("""DELETE FROM pending WHERE userid=%s AND subject LIKE
        >> '%%s%'""" %(userid, phrase))
        >
        > Use %%
        > c.execute("""DELETE FROM pending WHERE userid=%s AND subject LIKE
        > '%%%s%%'""" %(userid, phrase))

        You might also consider:

        c.execute("""DELETE FROM pending WHERE userid=%s AND subject LIKE %s""",
        (userid, '%'+phrase+'%') )

        This has the advantage that it should properly handle any odd characters
        appearing in the parameters (especially important if the parameter text
        could have come from a malicious user).
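
The parameter-passing form from post #4, as an added example that is not part of the original thread. It uses the standard-library sqlite3 driver so it runs offline (its placeholder is `?` where MySQLdb uses `%s`), and it goes one step further than the post by also escaping LIKE wildcards inside the phrase; the helper names, the backslash escape character and the sample rows are constructed for illustration.

```python
import sqlite3

ESC = "\\"  # LIKE escape character chosen for this example (assumption)

def like_contains(phrase):
    """Return a 'contains' pattern in which %, _ and ESC in phrase are literal."""
    for ch in (ESC, "%", "_"):          # escape ESC first, then the wildcards
        phrase = phrase.replace(ch, ESC + ch)
    return "%" + phrase + "%"

def delete_pending(conn, userid, phrase):
    """Delete this user's pending rows whose subject contains phrase."""
    # Values travel as bound parameters; only the wildcards are added in Python.
    cur = conn.execute(
        "DELETE FROM pending WHERE userid = ? AND subject LIKE ? ESCAPE '\\'",
        (userid, like_contains(phrase)),
    )
    return cur.rowcount

def demo():
    """Run the query over constructed sample rows; return (row counts, rows left)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pending (userid INTEGER, subject TEXT)")
    conn.executemany("INSERT INTO pending VALUES (?, ?)", [
        (1, "50% off today"), (1, "hello world"),
        (1, "it's here"), (2, "50% off today"),
    ])
    counts = [
        delete_pending(conn, 1, "x' OR '1'='1"),  # quotes stay data: no match
        delete_pending(conn, 1, "%"),             # literal percent sign only
        delete_pending(conn, 1, "it's"),          # apostrophe needs no escaping
    ]
    left = conn.execute(
        "SELECT userid, subject FROM pending ORDER BY userid").fetchall()
    return counts, left

if __name__ == "__main__":
    print(demo())
```

Without the wildcard escaping, a phrase of just `%` would match every subject belonging to that user, even though the statement itself is safely parameterized.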
