From e096094c87bdc8e388310823e1694215304b9cf1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marius=20Vai=C5=A1vila?= <marius@vaisvila.net>
Date: Mon, 11 Feb 2019 00:52:27 +0200
Subject: [PATCH] Problems with table names containing character '%', related
 issue #87

pyodbc uses '?' instead of '%s' as parameter placeholder.
SQL identifiers (consequently table names, columns) can contain special characters if surrounded by brackets '[...]'
Replace only those placeholders:'%, %%, %s, %d etc.' which are not surrounded by brackets.
This is not complete solution, there may be problems with string literals in SQL etc. , if non string placeholder is found (example:%d) there should be error raised.
---
 sql_server/pyodbc/base.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/sql_server/pyodbc/base.py b/sql_server/pyodbc/base.py
index e37fa5ae..e5cb42fd 100644
--- a/sql_server/pyodbc/base.py
+++ b/sql_server/pyodbc/base.py
@@ -495,9 +495,13 @@ def format_sql(self, sql, params):
             sql = smart_str(sql, self.driver_charset)
 
         # pyodbc uses '?' instead of '%s' as parameter placeholder.
+        # SQL identifiers (consequently table names) can contain special characters if surrounded by brackets '[...]'
+        # Replace only those placeholders:'%, %% %s etc.' which are not surrounded by brackets.            
+        # This is not complete solution, there may be problems with string literals in SQL etc.            
         if params is not None:
-            sql = sql % tuple('?' * len(params))
-
+            pattern = '''(?<![\[\]])\%[sbcdoxXn%]?(?![^\[\]]*\])'''
+            sql = re.sub(pattern,'?',sql)
+            
         return sql
 
     def format_params(self, params):