[DB-SIG] SQL string escape function

Paul DuBois paul@dubois.ws
Tue, 24 Jul 2001 15:37:45 -0500


At 11:58 AM +0200 7/24/01, M.-A. Lemburg wrote:
>moored@reed.edu wrote:
>>
>>   Forgive my ignorance and inability to find a manual: Is there a function
>>  that will escape special characters from a string such that it can be
>>  included in a SQL statement? I'm looking for something like the PHP
>>  AddSlashes().
>
>You normally don't need to do that since the database module
>will apply the necessary quoting itself if you pass your parameters
>using bound variables:
>
>cursor.execute('select name from mytable where id=?', (id,))
>
>For more info, please see the database topic guide on www.python.org.

You need to do it if you want to produce SQL statements for *another*
program to execute.


>
>--
>Marc-Andre Lemburg
>CEO eGenix.com Software GmbH
>______________________________________________________________________
>Consulting & Company:                           http://www.egenix.com/
>Python Software:                        http://www.lemburg.com/python/
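
The two cases discussed in this thread, as an added example that is not from either poster: values passed as bound parameters need no escaping, while a SQL script written out for another program needs every value rendered as a literal. `sql_literal`, `dump_inserts` and the sample rows are hypothetical and constructed here; the quoting rule assumed is standard SQL as implemented by SQLite (double the single quote), and engines that also treat backslash as an escape character need additional rules.

```python
import sqlite3

def sql_literal(value):
    """Render a value as a standard-SQL/SQLite literal (hypothetical helper)."""
    if value is None:
        return "NULL"
    if isinstance(value, int) and not isinstance(value, bool):
        return str(value)
    if isinstance(value, bytes):
        return "X'" + value.hex() + "'"
    if isinstance(value, str):
        if "\x00" in value:
            raise ValueError("NUL cannot be carried in a SQL text literal")
        # Inside '...' the only special character is the quote itself; double it.
        return "'" + value.replace("'", "''") + "'"
    raise TypeError("unsupported type: " + type(value).__name__)

def quote_ident(name):
    # Identifiers are quoted with double quotes, doubling any embedded one.
    return '"' + name.replace('"', '""') + '"'

def dump_inserts(table, columns, rows):
    """Build a SQL script intended for a different program to execute."""
    cols = ", ".join(quote_ident(c) for c in columns)
    return "\n".join(
        "INSERT INTO %s (%s) VALUES (%s);"
        % (quote_ident(table), cols, ", ".join(sql_literal(v) for v in row))
        for row in rows
    )

# Constructed sample data, chosen to stress the quoting rule.
SAMPLE_ROWS = [
    (1, "O'Reilly"),
    (2, "x'); DROP TABLE mytable; --"),
    (3, 'back\\slash "double"'),
    (4, None),
]

def round_trip(rows):
    # Case 1: this program executes the SQL, so bound parameters suffice.
    src = sqlite3.connect(":memory:")
    src.execute("CREATE TABLE mytable (id INTEGER, name TEXT)")
    src.executemany("INSERT INTO mytable (id, name) VALUES (?, ?)", rows)
    stored = src.execute("SELECT id, name FROM mytable ORDER BY id").fetchall()
    # Case 2: emit a script as text, then let a separate connection run it.
    script = dump_inserts("mytable", ("id", "name"), stored)
    dst = sqlite3.connect(":memory:")
    dst.execute("CREATE TABLE mytable (id INTEGER, name TEXT)")
    dst.executescript(script)
    return dst.execute("SELECT id, name FROM mytable ORDER BY id").fetchall()
```
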