Using strings with ' in them in SQL-queries

Aahz Maruch aahz at netcom.com
Tue May 30 16:33:20 EDT 2000


In article <39342055.1301760 at news.c2i.net>,  <thomas at cintra.no> wrote:
>
>I need to insert strings with ' in them in query-strings. I'm using
>the PostgreSQL-database. 
>
>If I try stuff like this :
>
>db = _pg.connection(....)
>db.query("insert into test (id, name) values (1, 'fdsfds''fdsf')")
>
>That works ok. But the string I need to insert I get from a variable. 
>I cannot seem to use a variable in the query-string. Is there any way
>around this? How can I handle characters in strings that may
>compromise the requirements of a valid sql-statement??

def sqlize(s):
  # Double each single quote so it is read as a literal ' inside a SQL string
  return s.replace("'", "''")

db.query("insert into test (name) values ('%s')" % sqlize(foo))
--
                      --- Aahz (Copyright 2000 by aahz at netcom.com)

Androgynous poly kinky vanilla queer het    <*>     http://www.rahul.net/aahz/
Hugs and backrubs -- I break Rule 6

Have you coined a word today?  --Aahz
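
An added example, not part of the original thread: the asker's unescaped insert, the quote doubling from the reply, and a bound parameter, each run against the thread's `test` table. It assumes Python's built-in sqlite3 as a stand-in for PostgreSQL so it runs offline; every function name except sqlize is hypothetical.

```python
import sqlite3

def sqlize(s):
    # Quote doubling from the reply above: ' becomes ''
    return s.replace("'", "''")

def insert_raw(conn, name):
    # The asker's situation: the variable is pasted into the literal as-is.
    conn.execute("insert into test (name) values ('%s')" % name)

def insert_escaped(conn, name):
    # The reply's approach: correct as long as sqlize() matches the
    # server's string-literal syntax.
    conn.execute("insert into test (name) values ('%s')" % sqlize(name))

def insert_bound(conn, name):
    # Bound parameter: the value is passed as data, never parsed as SQL text.
    conn.execute("insert into test (name) values (?)", (name,))

def round_trip(insert, names):
    """Insert each name with `insert`, then read them back in order."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table test (id integer primary key, name text)")
    try:
        for name in names:
            insert(conn, name)
        return [row[0] for row in conn.execute("select name from test order by id")]
    finally:
        conn.close()

def statement_breaks(insert, name):
    """True if inserting `name` produces an invalid SQL statement."""
    try:
        round_trip(insert, [name])
        return False
    except sqlite3.OperationalError:
        return True

# Constructed sample values, including the string from the question.
SAMPLES = ["fdsfds'fdsf", "O'Brien", "it''s", "back\\slash'", "100% 'quoted'", ""]

if __name__ == "__main__":
    print("raw breaks:    ", statement_breaks(insert_raw, SAMPLES[0]))
    print("escaped intact:", round_trip(insert_escaped, SAMPLES) == SAMPLES)
    print("bound intact:  ", round_trip(insert_bound, SAMPLES) == SAMPLES)
```

Quote doubling is complete only when the server treats a backslash as an ordinary character inside string literals, which PostgreSQL does by default since 9.1 (standard_conforming_strings). A bound parameter does not depend on that setting.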


