id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
16407	Unicode not working for direct SQL INSERT	mashedmeat	nobody	"I've only tried this bug using ""INSERT INTO"" and ""INSERT OR REPLACE INTO"". The problem is that I can't use params. Here's what I was trying:

{{{
word = ""pickle""
translation = googleTranslate('english', 'chinese', word) #from, to, word-to-be-translated
cursor.execute(""INSERT INTO %s VALUES (%s, %s)"", [table, word, translation]) # table won't insert here...
}}}

In order to bypass this, I had to insert it using a string, which was explicitly stated to be a security problem in the documentation:

{{{
insert_sql = ""INSERT INTO %s VALUES"" % (table_name)
insert_sql = insert_sql + "" (%s, %s)""
cursor.execute(insert_sql, [title, translation])
}}}

(the code is a little different, because it's my actual code. I wrote the last code bit to try to better illustrate what's going on.)

Best,
Loren"	Bug	closed	Database layer (models, ORM)	1.3	Normal	invalid			Unreviewed	0	0	0	0	0	0