[ANN] istring 1.0.1 released; announce list created
Bengt Richter
bokr at oz.net
Wed Mar 13 17:36:00 EST 2002
On Wed, 13 Mar 2002 21:30:47 +0300, Oleg Broytmann <phd at phd.pp.ru> wrote:
>On Wed, Mar 13, 2002 at 08:15:39PM +0100, Andreas Kostyrka wrote:
>> And what about:
>> db.query("""SELECT foo, bar
>> FROM %(table)s
>> WHERE rsrc_id = %(rsrc_id)d
>> AND name = '%(name)s'""" % locals())
>>
>> pure standard Python :)
>
> This will fail if name = "O'Hara". Or name = 'Tutti"""Frutti'.
>
Ok, then how about:
---
>>> table = 'theTable'
>>> rsrc_id = 1234567
>>> class QEsc:
... def __init__(self,s): self.sesc = "\\'".join('\\"'.join(s.split('"')).split("'"))
... def __str__(self): return self.sesc
...
>>> for badname in ["O'Hara", 'Tutti"""Frutti']:
... name = QEsc(badname)
... print """SELECT foo, bar
... FROM %(table)s
... WHERE rsrc_id = %(rsrc_id)d
... AND name = '%(name)s'""" % locals()
...
SELECT foo, bar
FROM theTable
WHERE rsrc_id = 1234567
AND name = 'O\'Hara'
SELECT foo, bar
FROM theTable
WHERE rsrc_id = 1234567
AND name = 'Tutti\"\"\"Frutti'
>>>
---
"pure standard Python :)"
Regards,
Bengt Richter
More information about the Python-list
mailing list