MySQLdb injection support

Hello,
I cannot figure out how should I set up language injection so my "%s" variables should not break MySQL expression. I use MySQLdb connector.
For example:

    cursor.execute('SELECT `group_id` FROM `groups` WHERE team_id=%s', (1, 2))

%s is an error!
Or maybe you can advice some alternative for MySQLdb that easily replace it?
0
2 comments
Avatar
Permanently deleted user
Thanks for your reply!

I decided to migrate to oursql for now. Syntax is almost the same (but no autocommit method on connection). It supports question mark notation... Anyway will love to see this bug get fixed in future versions.
0

Please sign in to leave a comment.