[DB-SIG] SQL string escape function
Paul DuBois
paul@dubois.ws
Tue, 24 Jul 2001 15:37:45 -0500

At 11:58 AM +0200 7/24/01, M.-A. Lemburg wrote:
>moored@reed.edu wrote:
>>
>> Forgive my ignorance and inability to find a manual: Is there a function
>> that will escape special characters from a string such that it can be
>> included in a SQL statement? I'm looking for something like the PHP
>> AddSlashes().
>
>You normally don't need to do that since the database module
>will apply the necessary quoting itself if you pass your parameters
>using bound variables:
>
>cursor.execute('select name from mytable where id=?', (id,))
>
>For more information, please see the database topic guide on www.python.org.

You need to do it if you want to produce SQL statements for *another*
program to execute.

>
>--
>Marc-Andre Lemburg
>CEO eGenix.com Software GmbH
>______________________________________________________________________
>Consulting & Company: http://www.egenix.com/
>Python Software: http://www.lemburg.com/python/
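
Added example, not part of the original message or of any DB-API module: the two cases discussed above side by side, using the standard-library sqlite3 module (which accepts the same `?` placeholders) and the thread's `mytable`. The helper names (`sql_literal`, `dump_inserts`, `load_bound`, `new_db`, `fetch_all`) and the sample rows are assumptions made for illustration, and the quoting rule shown is the standard-SQL one, which is dialect-specific.

```python
import sqlite3

def sql_literal(value):
    """Render a value as a standard-SQL literal for a script another program runs."""
    if value is None:
        return "NULL"
    if isinstance(value, int):
        return str(int(value))          # also maps True/False to 1/0
    if isinstance(value, str):
        if "\x00" in value:
            raise ValueError("NUL cannot be carried in a SQL text literal")
        # Standard SQL: the only special character inside '...' is the quote
        # itself, written doubled. Assumption: the consumer follows that rule
        # (SQLite does); MySQL's default mode also treats backslash as an escape.
        return "'" + value.replace("'", "''") + "'"
    raise TypeError("unsupported type: " + type(value).__name__)

def dump_inserts(rows):
    """Case from the reply: emit SQL text for *another* program to execute."""
    return "".join(
        "insert into mytable (id, name) values (%s, %s);\n"
        % (sql_literal(i), sql_literal(n)) for i, n in rows)

def load_bound(conn, rows):
    """Case from the quoted advice: the driver binds values, no escaping."""
    conn.executemany("insert into mytable (id, name) values (?, ?)", rows)

def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table mytable (id integer, name text)")
    return conn

def fetch_all(conn):
    return conn.execute("select id, name from mytable order by id").fetchall()

# Constructed sample rows: embedded quote, statement-breaking text, backslash, NULL
SAMPLE_ROWS = [(1, "O'Reilly"), (2, "x'); drop table mytable; --"),
               (3, "C:\\temp"), (4, None)]

if __name__ == "__main__":
    script = dump_inserts(SAMPLE_ROWS)
    print(script, end="")
    via_script, via_bind = new_db(), new_db()
    via_script.executescript(script)      # stands in for the other program
    load_bound(via_bind, SAMPLE_ROWS)
    print(fetch_all(via_script) == fetch_all(via_bind) == SAMPLE_ROWS)
```
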