Escaping SQL in python
Erno Kuusela
erno-news at erno.iki.fi
Wed Jun 27 11:59:58 EDT 2001
In article <Pol_6.26252$g4.1003260 at e420r-atl2.usenetserver.com>,
"Steve Holden" <sholden at holdenweb.com> writes:
| The *best* way to handle this is to use dynamic SQL, and let the module do
| the quoting.
| Beware, though. There are five different parameter styles
yeah, there's that and also not all of the db-api modules handle
quoting correctly. i think pygresql didn't do any quoting
(i've sent a (hopefully correct) patch).
-- erno
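
Added example, not part of the original post or of any DB-API module's own code: it shows "let the module do the quoting" for each of the five PEP 249 paramstyles mentioned above, and runs the bound-parameter form against the standard-library sqlite3 module. The people table, the sample value, and the helper names build_insert, roundtrip and naive_insert_fails are assumptions made for illustration.

```python
import sqlite3

# Placeholder syntax for each of the five PEP 249 paramstyle values.
PLACEHOLDERS = {
    "qmark": "?",
    "numeric": ":1",
    "named": ":name",
    "format": "%s",
    "pyformat": "%(name)s",
}
# Styles whose parameters are passed as a mapping instead of a sequence.
MAPPING_STYLES = {"named", "pyformat"}


def build_insert(paramstyle, value):
    """Return (sql, params); the value never becomes part of the SQL text."""
    sql = "INSERT INTO people (name) VALUES (" + PLACEHOLDERS[paramstyle] + ")"
    params = {"name": value} if paramstyle in MAPPING_STYLES else (value,)
    return sql, params


def roundtrip(value, module=sqlite3):
    """Insert value with bound parameters and read it back unchanged."""
    conn = module.connect(":memory:")
    cur = conn.cursor()
    cur.execute("CREATE TABLE people (name TEXT)")
    cur.execute(*build_insert(module.paramstyle, value))
    cur.execute("SELECT name FROM people")
    rows = [row[0] for row in cur.fetchall()]
    conn.close()
    return rows


def naive_insert_fails(value):
    """Hand-built quoting: a single quote in the value breaks the statement."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT)")
    try:
        conn.execute("INSERT INTO people (name) VALUES ('" + value + "')")
        return False
    except sqlite3.Error:
        return True
    finally:
        conn.close()


if __name__ == "__main__":
    sample = "O'Brien"  # constructed sample value containing a quote
    print(roundtrip(sample), naive_insert_fails(sample))
```

Whether a given module actually escapes bound values correctly is the concern raised in the post, so a round-trip check like roundtrip() with quote-bearing values is worth running against the driver in use.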