QuoteSQL
Duncan Booth
duncan.booth at invalid.invalid
Thu Sep 28 03:50:30 EDT 2006
Lawrence D'Oliveiro <ldo at geek-central.gen.new_zealand> wrote:
> In message <Xns984B8482155F6duncanbooth at 127.0.0.1>, Duncan Booth wrote:
>> Deary me. Did you actually test out that bit of code before you
>> posted it?
>
> >>> execfile("QuoteSQL.py")
> >>> EscapeSQLWild(r"\%")
> '\\\\%'
> >>> SQLString("%" + EscapeSQLWild(r"\%") + "%")
> '"%\\\\\\\\%%"'
> >>> EscapeSQLWild(r"\%") == r"\\%"
> True
> >>> SQLString("%" + EscapeSQLWild(r"\%") + "%") == r'"%\\\\%%"'
> True
>
Ah, so that's a 'no' then. I can't see any tests there. How do you know
that those strings work correctly in MySQL queries?
Please, open your mind to what I'm saying. I'm not trying to criticise your
aims, just trying to point out the simple fact that your EscapeSQLWild
function has a bug. If nothing else, the fact that you are finding this so
hard to understand shows that there is a need for a correctly written
function to do this.
The fix to EscapeSQLWild to get test_escapebackslashwild2 to work is a
trivial change, and not surprisingly also makes the other failing test in my
script (the one using parameterised queries and EscapeSQLWild) pass.
Again, please, try running the script I posted, and in particular
test_escapebackslashwild2. It uses the SQL query you yourself created, and
it fails because it matches something it shouldn't.
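
Added example, not part of the original post and not either poster's code: a wildcard escaper that leaves the backslash unescaped over-matches, shown with a parameterised LIKE query. Assumptions: escape_like_buggy is a reconstruction that only reproduces the r"\%" -> r"\\%" result in the quoted session, and in-memory SQLite with an explicit ESCAPE '\' clause stands in for MySQL, where backslash is the default LIKE escape character.

```python
import sqlite3

ROWS = [r"a\%b", r"a\b", "a%b", "plain"]  # constructed sample data


def escape_like_buggy(s):
    # Assumed reconstruction: escapes % and _ but not the backslash itself,
    # so r"\%" becomes r"\\%" (a literal backslash followed by a live wildcard).
    return "".join("\\" + ch if ch in "%_" else ch for ch in s)


def escape_like(s):
    # Escape the escape character as well, so every input character is literal.
    return "".join("\\" + ch if ch in "\\%_" else ch for ch in s)


def search(rows, needle, escaper):
    """Return the rows that LIKE reports as containing `needle`."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE t (v TEXT)")
    db.executemany("INSERT INTO t VALUES (?)", [(r,) for r in rows])
    pattern = "%" + escaper(needle) + "%"
    # The pattern is bound as a parameter, so no string-literal quoting layer
    # is involved; only the LIKE-level escaping decides what matches.
    cur = db.execute(
        "SELECT v FROM t WHERE v LIKE ? ESCAPE '\\' ORDER BY v", (pattern,)
    )
    result = [row[0] for row in cur]
    db.close()
    return result


if __name__ == "__main__":
    # Searching for the two-character literal \% :
    print("buggy  :", search(ROWS, r"\%", escape_like_buggy))
    print("correct:", search(ROWS, r"\%", escape_like))
```

The buggy escaper returns every row containing a backslash, while the corrected one returns only the row containing the literal sequence \%.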