escaping % in a string???

Discussion in 'Python' started by Amy G, Feb 27, 2004.

  1. Amy G

    Amy G Guest

    I am trying to execute the following MySQL query:

    c.execute("""DELETE FROM pending WHERE userid=%s AND subject LIKE '%%s%'"""
    %(userid, phrase))

    This returns an error saying:
    ValueError: unsupported format character ''' (0x27) at index 63

    I can fix this by setting
    phrase = "%" + phrase + "%"

    and then
    c.execute("""DELETE FROM pending WHERE userid=%s AND subject LIKE '%s'"""
    %(userid, phrase))

    But is there a way to escape the % signs in the first execute statement?

    Thanks in advance for any help.
    Sorry about the easy question.
     
    Amy G, Feb 27, 2004
    #1
    1. Advertising

  2. Heyho!

    Amy G wrote:
    > I am trying to execute the following MySQL query:
    >
    > c.execute("""DELETE FROM pending WHERE userid=%s AND subject LIKE
    > '%%s%'""" %(userid, phrase))


    Use %%
    c.execute("""DELETE FROM pending WHERE userid=%s AND subject LIKE
    '%%%s%%'""" %(userid, phrase))


    > This returns an error saying: ValueError: unsupported format
    > character ''' (0x27) at index 63
    >
    > I can fix this by setting phrase = "%" + phrase + "%"
    >
    > and then c.execute("""DELETE FROM pending WHERE userid=%s AND subject
    > LIKE '%s'""" %(userid, phrase))
    >
    > But is there a way to escape the % signs in the first execute
    > statement?
    >
    > Thanks in advance for any help. Sorry about the easy question.
    >


    Stay Rude!
    Wolfram
     
    Wolfram Kraus, Feb 27, 2004
    #2
    1. Advertising

  3. Amy G

    Amy G Guest

    Thanks for the quick response... exactly what I was looking for.


    "Wolfram Kraus" <> wrote in message
    news:c1ms95$mm3$...
    > Heyho!
    >
    > Amy G wrote:
    > > I am trying to execute the following MySQL query:
    > >
    > > c.execute("""DELETE FROM pending WHERE userid=%s AND subject LIKE
    > > '%%s%'""" %(userid, phrase))

    >
    > Use %%
    > c.execute("""DELETE FROM pending WHERE userid=%s AND subject LIKE
    > '%%%s%%'""" %(userid, phrase))
    >
    >
    > > This returns an error saying: ValueError: unsupported format
    > > character ''' (0x27) at index 63
    > >
    > > I can fix this by setting phrase = "%" + phrase + "%"
    > >
    > > and then c.execute("""DELETE FROM pending WHERE userid=%s AND subject
    > > LIKE '%s'""" %(userid, phrase))
    > >
    > > But is there a way to escape the % signs in the first execute
    > > statement?
    > >
    > > Thanks in advance for any help. Sorry about the easy question.
    > >

    >
    > Stay Rude!
    > Wolfram
    >
     
    Amy G, Feb 27, 2004
    #3
  4. Amy G

    Duncan Booth Guest

    Wolfram Kraus <> wrote in
    news:c1ms95$mm3$:

    > Amy G wrote:
    >> I am trying to execute the following MySQL query:
    >>
    >> c.execute("""DELETE FROM pending WHERE userid=%s AND subject LIKE
    >> '%%s%'""" %(userid, phrase))

    >
    > Use %%
    > c.execute("""DELETE FROM pending WHERE userid=%s AND subject LIKE
    > '%%%s%%'""" %(userid, phrase))


    You might also consider:

    c.execute("""DELETE FROM pending WHERE userid=%s AND subject LIKE %s""",
    (userid, '%'+phrase+'%'))

    This has the advantage that it should properly handle any odd characters
    appearing in the parameters (especially important if the parameter text
    could have come from a malicious user).
     
    Duncan Booth, Feb 27, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Grant Olson

    Safe string escaping?

    Grant Olson, Mar 8, 2005, in forum: Python
    Replies:
    2
    Views:
    408
    Bengt Richter
    Mar 8, 2005
  2. Jules Stevenson
    Replies:
    1
    Views:
    235
    Duncan Booth
    Mar 2, 2008
  3. Íßêïò
    Replies:
    2
    Views:
    474
    Nik Gr
    Aug 18, 2010
  4. Cameron Simpson
    Replies:
    10
    Views:
    567
  5. Nik Gr
    Replies:
    21
    Views:
    658
    Dennis Lee Bieber
    Aug 31, 2010
Loading...

Share This Page