SQLite parameter substitution and quotes

爱一瞬间的悲伤 2020-11-28 14:41

I have this line that works OK:

c.execute('select cleanseq from cleanseqs WHERE newID="%s"' % name)  # value pasted straight into the SQL text with % formatting

But I want to use SQLite parameter su

6 answers
  •  半阙折子戏
    2020-11-28 15:11


    Just noticed that you'll have to do this manually by using the insecure method of sql_string = "other sql surger here.. fieldname=\""+value+"\";"

    It's the only way you'll get it to parse correctly. Using SQLite for Win CE, well, left me with no other alternative. Just escape your values before putting them in, or else you'll most likely end up with a very sad database from SQL injections :'( lol
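The parameter substitution the question asks about, as an added example that is not part of the original question or answer: Python's sqlite3 module accepts `?` (and `:name`) placeholders, and the value is passed separately instead of being pasted into the SQL text. The table contents, the injection payload and the helper names are constructed for this example; the vulnerable lookup uses single quotes around the value rather than the question's double quotes so that the SQL is a plain string literal, but the failure mode is the same either way.

```python
import sqlite3

# Constructed sample data (assumption): a tiny cleanseqs table shaped like the one in the question.
SAMPLE_ROWS = [
    ("seq1", "ACGT"),
    ("seq2", "GGCC"),
    ("O'Brien", "TTAA"),  # a legitimate value that happens to contain a quote
]


def make_db():
    """Build an in-memory database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cleanseqs (newID TEXT, cleanseq TEXT)")
    conn.executemany("INSERT INTO cleanseqs VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_formatted(conn, name):
    """The pattern from the question: the value is interpolated into the SQL string.

    Anything the caller puts in `name` becomes part of the statement itself.
    """
    c = conn.cursor()
    c.execute("select cleanseq from cleanseqs WHERE newID='%s'" % name)
    return [row[0] for row in c.fetchall()]


def lookup_param(conn, name):
    """Parameter substitution with a ? placeholder.

    The SQL text is fixed; the value travels to SQLite as data, so quotes,
    comment markers or extra clauses in it are never parsed as SQL.
    """
    c = conn.cursor()
    c.execute("select cleanseq from cleanseqs WHERE newID=?", (name,))
    return [row[0] for row in c.fetchall()]


def lookup_named(conn, name):
    """Same thing with a named placeholder, which reads better in longer statements."""
    c = conn.cursor()
    c.execute("select cleanseq from cleanseqs WHERE newID=:name", {"name": name})
    return [row[0] for row in c.fetchall()]


def demo():
    """Run both lookups on a normal value, an injection payload and a quoted value."""
    conn = make_db()
    results = {}

    results["formatted_normal"] = lookup_formatted(conn, "seq1")
    results["param_normal"] = lookup_param(conn, "seq1")

    # Constructed payload: closes the literal, adds an always-true condition,
    # and comments out the closing quote the formatted query appends.
    payload = "x' OR 1=1 --"
    results["formatted_injected"] = lookup_formatted(conn, payload)  # every row comes back
    results["param_injected"] = lookup_param(conn, payload)          # no row has that newID

    # A legitimate value containing a quote breaks the formatted query outright...
    try:
        lookup_formatted(conn, "O'Brien")
        results["formatted_quote"] = "ok"
    except sqlite3.OperationalError:
        results["formatted_quote"] = "syntax error"
    # ...while the placeholder version just finds the row.
    results["param_quote"] = lookup_param(conn, "O'Brien")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The placeholder form also removes the need to hand-escape quotes: the `O'Brien` row is a syntax error through `%` formatting and an ordinary match through `?`, with no escaping code to get wrong.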
