Escaping SQL in python

Erno Kuusela erno-news at erno.iki.fi
Wed Jun 27 11:59:58 EDT 2001


In article <Pol_6.26252$g4.1003260 at e420r-atl2.usenetserver.com>,
"Steve Holden" <sholden at holdenweb.com> writes:

| The *best* way to handle this is to use dynamic SQL, and let the module do
| the quoting.

| Beware, though. There are five different parameter styles 

yeah, there's that and also not all of the db-api modules handle
quoting correctly. i think pygresql didn't do any quoting
(i've sent a (hopefully correct) patch).

  -- erno
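
Added example, not part of the original post or of any DB-API module: the five parameter styles mentioned above are the `paramstyle` values defined by DB-API 2.0 (qmark, numeric, named, format, pyformat), and this sketch builds an INSERT for whichever one a module declares, so values are passed as parameters and never quoted by hand. The helper names (`placeholder`, `build_insert`, `demo`), the `users` table and the sample row are constructed for illustration; `sqlite3` stands in as the driver.

```python
import sqlite3

def placeholder(paramstyle, index, name):
    """Placeholder text for the index-th parameter under a DB-API paramstyle."""
    if paramstyle == "qmark":
        return "?"
    if paramstyle == "numeric":
        return ":%d" % (index + 1)
    if paramstyle == "named":
        return ":" + name
    if paramstyle == "format":
        return "%s"
    if paramstyle == "pyformat":
        return "%(" + name + ")s"
    raise ValueError("unknown paramstyle: %r" % (paramstyle,))

def build_insert(paramstyle, table, row):
    """Return (sql, params) for inserting row (a dict of column -> value).

    Table and column names must be trusted identifiers chosen by the
    program; only the values travel as parameters.
    """
    cols = list(row)
    marks = [placeholder(paramstyle, i, c) for i, c in enumerate(cols)]
    sql = "INSERT INTO %s (%s) VALUES (%s)" % (
        table, ", ".join(cols), ", ".join(marks))
    if paramstyle in ("named", "pyformat"):
        params = dict(row)                      # mapping for named styles
    else:
        params = tuple(row[c] for c in cols)    # sequence for positional styles
    return sql, params

def demo():
    """Insert a constructed row containing quote characters and read it back."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, note TEXT)")
    row = {"name": "O'Brien", "note": "it's \"quoted\"; -- not a comment"}
    sql, params = build_insert(sqlite3.paramstyle, "users", row)
    conn.execute(sql, params)                   # the module binds the values
    stored = conn.execute("SELECT name, note FROM users").fetchall()
    conn.close()
    return sql, stored

if __name__ == "__main__":
    print(demo())
```

As the reply notes, this is only as safe as the module's own parameter handling, so a round-trip check like `demo()` against the actual driver is worth keeping in a test suite.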


