[DB-SIG] SQL string escape function
M.-A. Lemburg
mal@lemburg.com
Wed, 25 Jul 2001 09:44:41 +0200
Paul DuBois wrote:
>
> At 11:58 AM +0200 7/24/01, M.-A. Lemburg wrote:
> >moored@reed.edu wrote:
> >>
> >> Forgive my ignorance and inability to find a manual: Is there a function
> >> that will escape special characters from a string such that it can be
> >> included in a SQL statement? I'm looking for something like the PHP
> >> AddSlashes().
> >
> >You normally don't need to do that since the database module
> >will apply the necessary quoting itself if you pass your parameters
> >using bound variables:
> >
> >cursor.execute('select name from mytable where id=?', (id,))
> >
> >For more info, please see the database topic guide on www.python.org.
>
> You need to do it if you want to produce SQL statements for *another*
> program to execute.
That's true...
BTW, there is a dbinfo.py tool on my web pages which
aims at providing standard escaping (and other) mechanisms to enable
writing cross-database SQL code. Perhaps this module helps?!
--
Marc-Andre Lemburg
CEO eGenix.com Software GmbH
______________________________________________________________________
Consulting & Company: http://www.egenix.com/
Python Software: http://www.lemburg.com/python/
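
The two cases discussed in this thread, side by side, as an added example that is not from the thread and is not dbinfo.py's code: a value passed as a bound variable, and the same value rendered as a literal in SQL text that another program executes later. It assumes Python's standard sqlite3 module (whose parameter style is the `?` shown above); `sql_literal` and `build_script` are hypothetical helpers, and the quote-doubling rule shown is the SQL-standard one that SQLite follows, while other databases may need additional rules.

```python
import sqlite3

# Constructed sample value: contains a quote and a statement terminator.
HOSTILE = "O'Brien'); DROP TABLE mytable; --"


def make_db():
    """In-memory database with the table name used in the thread."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mytable (id INTEGER PRIMARY KEY, name TEXT)")
    return conn


def insert_bound(conn, name):
    """Bound variable: the value travels separately from the SQL text."""
    conn.execute("INSERT INTO mytable (name) VALUES (?)", (name,))


def sql_literal(value):
    """Render a str as a SQL string literal (hypothetical helper).

    Doubling single quotes is the SQL-standard rule that SQLite follows;
    this is an assumption about the target and is not portable as-is.
    """
    if not isinstance(value, str):
        raise TypeError("only str values are handled here")
    if "\x00" in value:
        raise ValueError("NUL characters are rejected rather than escaped")
    return "'" + value.replace("'", "''") + "'"


def build_script(names):
    """SQL text meant to be executed later by another program."""
    return "".join(
        "INSERT INTO mytable (name) VALUES (%s);\n" % sql_literal(n)
        for n in names
    )


def names_in(conn):
    return [r[0] for r in conn.execute("SELECT name FROM mytable ORDER BY id")]


def demo():
    bound = make_db()
    insert_bound(bound, HOSTILE)
    scripted = make_db()
    scripted.executescript(build_script([HOSTILE, "plain"]))
    return names_in(bound), names_in(scripted)
```
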