Newbie Python question about strings with parameters: "%%s"?

Question

I'm trying to figure out what the following line does exactly - specifically the %%s part?

cursor.execute('INSERT INTO mastertickets (%s, %s) VALUES (%%s, %%s)'%sourcedest, (self.tkt.id, n))

Any good mini-tutorial about string formatting and inserting variables into strings with Python?

That's a stinky piece of code. Where did you find that? That's something I'd like to avoid. — S.Lott
– S.Lott, Commented Nov 25, 2008 at 13:51
oh and out of curiosity... i agree it's not very readable (hence the question ;), but how should one do it instead? — John Goering
– John Goering, Commented Nov 25, 2008 at 14:02

Ned Batchelder · Accepted Answer · 2008-11-25 13:48:23Z

7

The %% becomes a single %. This code is essentially doing two levels of string formatting. First the %sourcedest is executed to turn your code essentially into:

cursor.execute('INSERT INTO mastertickets (BLAH, FOO) VALUES (%s, %s)', (self.tkt.id, n))

then the db layer applies the parameters to the slots that are left.

The double-% is needed to get the db's slots passed through the first string formatting operation safely.

answered Nov 25, 2008 at 13:48

Ned Batchelder

378k77 gold badges583 silver badges675 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

S.Lott · Accepted Answer · 2008-11-25 14:11:35Z

"but how should one do it instead?"

Tough call. The issue is that they are plugging in metadata (specifically column names) on the fly into a SQL statement. I'm not a big fan of this kind of thing. The sourcedest variable has two column names that are going to be updated.

Odds are good that there is only one (or a few few) pairs of column names that are actually used. My preference is to do this.

if situation1:
    stmt= "INSERT INTO mastertickets (this, that) VALUES (?, ?)"
elif situation2:
    stmt= "INSERT INTO mastertickets (foo, bar) VALUES (?, ?)"
else:
    raise Exception( "Bad configuration -- with some explanation" )
cursor.execute( stmt, (self.tkt.id, n) )

When there's more than one valid combination of columns for this kind of thing, it indicates that the data model has merged two entities into a single table, which is a common database design problem. Since you're working with a product and a plug-in, there's not much you can do about the data model issues.

Draemon · Accepted Answer · 2008-11-25 14:16:47Z

3

Having the column names inserted using string formatting isn't so bad so long as they aren't user-provided. The values should be query parameters though:

stmt = "INSERT INTO mastertickets (%s, %s) VALUES (?, ?)" % srcdest
...
cursor.execute( stmt, (self.tkt.id, n) )

answered Nov 25, 2008 at 14:16

Draemon

34.9k16 gold badges80 silver badges106 bronze badges

Comments

eduffy · Accepted Answer · 2008-11-25 13:44:17Z

1

%% turns into a single %

answered Nov 25, 2008 at 13:44

eduffy

40.5k14 gold badges99 silver badges94 bronze badges

Comments

jfs · Accepted Answer · 2008-11-25 14:18:06Z

0

It does the same:

cursor.execute('INSERT INTO mastertickets (%s, %s) VALUES (:%s, :%s)' % \
    tuple(sourcedest + sourcedest), dict(zip(sourcedest, (self.tkt.id, n))))

Never do that.

answered Nov 25, 2008 at 14:18

jfs

417k210 gold badges1k silver badges1.7k bronze badges

1 Comment

John Goering Over a year ago

oh don't worry. i won't. o_O

Collectives™ on Stack Overflow

Newbie Python question about strings with parameters: "%%s"?

5 Answers 5

Comments

Comments

Comments

Comments

1 Comment

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

5 Answers 5

Comments

Comments

Comments

Comments

1 Comment

Your Answer

Sign up or log in

Post as a guest

Related