how to safely generate a SQL LIKE statement using python db-api

Question

I am trying to assemble the following SQL statement using python\'s db-api:

SELECT x FROM myTable WHERE x LIKE \'BEGINNING_OF_STRING%\';

wh

Answer 1

EDIT:

As Brian and Thomas noted, the far better way to do this would be to use:

beginningOfString += '%'
cursor.execute("SELECT x FROM myTable WHERE x LIKE ?", (beginningOfString,) )

since the first method leaves you open to SQL injection attacks.

---

Left in for history:

Try:

cursor.execute("SELECT x FROM myTable WHERE x LIKE '%s%%'" % beginningOfString)