1

I am trying to insert data into sqlite database in python. Now when I have a single quote in my variable

data = "This is my apple's seed."
cursor.execute("insert into tableName (ColName) values ('%s')" %data)

it gives error like this:

sqlite3.OperationalError: near "s": syntax error

I know that this problem occurred because I didn't escape characters properly. How do I do that?

Sнаđошƒаӽ
  • 16,753
  • 12
  • 73
  • 90
xtur
  • 43
  • 1
  • 4

1 Answers1

1

Use this:

cursor.execute("insert into tableName (ColName) values (?)", (data,))

Docs encourages usage of DB-API's parameter substitution. From docs:

use the DB-API’s parameter substitution. Put ? as a placeholder wherever you want to use a value, and then provide a tuple of values as the second argument to the cursor's execute() method.

Sнаđошƒаӽ
  • 16,753
  • 12
  • 73
  • 90