# String substitution VS proper mysql escaping

Tim Chase python.list at tim.thechases.com
Thu Aug 19 17:58:07 CEST 2010

On 08/19/10 10:42, Nik Gr wrote:
>> You can also prefix any of them with "r" such as
>>
>>    file_path = r"c:\path\to\file.txt"
>>    file_path = r'c:\path\to\file.txt
>>    file_path = r"""c:\path\to\file.txt"""
>>    file_path = r'''c:\path\to\file.txt'''
>
> 'r' is to avoid escaping backslashes only or other special charcaters as
> well?

Yes, just backslashes.

> As for the string i noticed that if i'am to mix single quotes and double
> quotes(any number of them not just always pairs)
> and backslashes and other special stuff in them then i'm best off using
> 3-sinlge-quotes like
>
> name='''My name is "Nikos" and i'am from Thessaloniki\Greece'''
>
> The above example can only be written by using 3-single quoting right?
> Not by pairs of single or double quotes, correct?

It can be written as a non-3-quote string, you just have to
escape the inner quotes (single & double) and the backslash to be
seen:

name = 'My name is Nikos and I\'m from Thessaloniki\\Greece'
name = "My name is \"Nikos\" and I'm from Thessaloniki\\Greece"

> And i dont have to use the 'r' in fornt of it too.

Using the 'r' in front would make it much more challenging,
because it would prevent the backslashes from being seen as
escaping. :)

>>   (1,) + (2,)
>>
>> to return "(1,2)"
>
> This is actually joining two single element tuples (1,)  and (2, ) to a
> new bigger tuple of two elements, correct?

Correct.

> Also if you please comment on my mysql string substitution example i've
> posted in my previous post just to make it work.

There's a number of variables which can impact the exact string
that would need to be passed, so it's not a trivial thing to do.
You may or may not be un-escaping HTML entities in the GET
parameters ("%20" -> a space, etc), and I don't have a readily
available way to duplicate your environment, so testing becomes a
bit harder.  Hopefully others on the list can give you a hand on