[issue37106] python re.escape doesn't escape some special characters.

Eric V. Smith report at bugs.python.org
Fri May 31 05:02:40 EDT 2019


Eric V. Smith <eric at trueblade.com> added the comment:

re.escape() is designed to only escape characters that have special meaning in regular expressions. It is not a general purpose escaping mechanism, and it is especially dangerous to use it for building SQL statements.

You should be using parameterized SQL queries. See https://en.wikipedia.org/wiki/SQL_injection and for example https://stackoverflow.com/questions/1633332/how-to-put-parameterized-sql-query-into-variable-and-then-execute-in-python

In any event, it seems that re.escape() is working as designed, so I'm going to close this.

----------
resolution:  -> not a bug
stage: test needed -> resolved
status: open -> closed

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue37106>
_______________________________________
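An added example (not part of the tracker thread) illustrating the point above: re.escape() backslash-escapes only regex metacharacters, so a single quote passes through untouched and a SQL string built by formatting the escaped value is still malformed, whereas a parameterized DB-API query binds the value without it ever becoming SQL text. The table name and sample values are constructed for the demonstration.

```python
import re
import sqlite3
from typing import Optional


def regex_escaped(value: str) -> str:
    """re.escape only protects regex metacharacters (. * + ? etc.).
    Characters that matter to SQL, such as the single quote, are left alone."""
    return re.escape(value)


def naive_sql(name: str) -> str:
    """What the bug report was doing: pasting a re.escape()d value into SQL.
    The quote inside the value is not escaped, so the statement is broken."""
    return "SELECT name FROM users WHERE name = '%s'" % re.escape(name)


def insert_and_lookup(name: str) -> Optional[str]:
    """Store and read back a value with parameterized queries.
    The sqlite3 driver binds the value; the SQL text never changes."""
    conn = sqlite3.connect(":memory:")  # constructed in-memory database
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.execute("INSERT INTO users (name) VALUES (?)", (name,))
    row = conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchone()
    conn.close()
    return row[0] if row else None


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["O'Brien", "a.b*c"]:
        print(repr(sample), "->", repr(regex_escaped(sample)))
    print(naive_sql("O'Brien"))          # quote survives: the SQL is malformed
    print(insert_and_lookup("O'Brien"))  # parameterized: value round-trips intact
```

Run it with any Python 3.7 or later: the regex escaping adds backslashes to `.` and `*` but leaves the quote in `O'Brien`, and the parameterized lookup returns the stored name unchanged.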