1

I have this string

q="""insert into genres (movieid,%(genre_name)s) values (%(movieid)i,1)""" % {'genre_name': t2, 'movieid': movieid}

but the result of print q is

) values (1,1)nres (movieid,adventure

instead of

insert into genres (movieid,adventure) values (1,1)

why?

Improve this question
2
  • I get the good result, could you give more context, and print t2 and movieid also ? Commented Feb 13, 2012 at 10:22
  • I guess the content of "genre_name" contains a \r (carriage return, en.wikipedia.org/wiki/CRLF) character or some other crap that makes the display goes wrong. Commented Feb 13, 2012 at 10:24

1 Answer 1

Reset to default
6

Your movie genre_name has carriage return.

Example:

q="""insert into genres (movieid,%(genre_name)s) values (%(movieid)i,1)""" % {'genre_name': 'horro\r', 'movieid': 12}

print q

gives:

) values (12,1)res (movieid,horro

You should sanitize your input. It's strange to have a backslash there, but maybe change it to forward slash or make it adventure(r).

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I agree q="""insert into genres (movieid,%(genre_name)s) values (%(movieid)i,1)""" % {'genre_name': "adventure\r", 'movieid': 1} give your result
Thanks. Now i sanitize my input with str.strip() method

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.