Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
In this post about SQLite, aaronasterling told me that
cmd = "attach \"%s\" as toMerge" % "b.db" : is wrongcmd = 'attach "{0}" as toMerge'.format("b.db") : is correctcmd = "attach ? as toMerge"; cursor.execute(cmd, ('b.db', )) : is right thingBut, I’ve thought the first and second are the same. What are the differences between those three?
You should use
'instead of", so you don’t have to escape.You used the old formatting strings that are deprecated.
This uses the new format string feature from newer Python versions that should be used instead of the old one if possible.
This one omits string formatting completely and uses a SQLite feature instead, so this is the right way to do it.
Big advantage: no risk of SQL injection