Pickling objects into database

Lexy Zhitenev zhitenev at cs.vsu.ru
Fri Mar 28 08:37:34 EST 2003


"Kresimir Kumericki" <kkumer at phy.hr> wrote in message:
news:b61431$ms1$1 at bagan.srce.hr...
> dict = { ... some items ...}
>
> qry = 'UPDATE table SET blobcolumn="%s" WHERE id=%s' %\
>         (MySQLdb.escape_string(cPickle.dumps(dict)), someid)
>
> cursor.execute(qry)
>
>
> This seems to be working properly but, being a newbie to all this, I am
> somewhat concerned about forwarding cPickle.dumps() *ugly* strings to
> database like this.  Is MySQLdb.escape_string up to the job of escaping
> everything that should be escaped? Is there a better way of doing this?

According to PHP documentation, 'escape_string', which is an alias for
'mysqli_real_escape_string', escapes all special characters, taking into
account the current charset of the connection. Escaping is done for all
characters with codes under 32 (space ' ') and over 127 for ASCII. I think
the Python version does the same.

Generally, you don't need to worry. escape_string will escape all symbols
that it considers unusable, at least '.
Also remember that cPickle has two formats of data: binary and text. Text
format saves all data using ASCII symbols (32..127), while binary format
uses all 256 symbols, thus requiring fewer bytes.

Regards, Lexy.
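
An added example, not part of either post: the same UPDATE written with driver-side parameter binding, so the pickle never passes through string formatting or escape_string. It assumes sqlite3 as an offline stand-in for MySQLdb (MySQLdb's cursor.execute takes %s placeholders where sqlite3 takes ?); the table name `items`, the sample dict and the helper names are hypothetical.

```python
import pickle
import sqlite3

# Constructed sample: quotes, backslashes, a NUL and a newline, i.e. the
# characters that quoting-based SQL construction has to get right.
SAMPLE = {"name": "O'Brien \"x\"", "path": "C:\\tmp\\a",
          "raw": "nul\x00 nl\n", "n": 42}

def store_and_load(conn, row_id, obj, protocol):
    """Write pickle.dumps(obj) into blobcolumn via bound parameters, read it back."""
    blob = pickle.dumps(obj, protocol)
    # The blob and the id travel as parameters, separate from the SQL text,
    # so no byte in the pickle can change the statement.
    conn.execute("UPDATE items SET blobcolumn = ? WHERE id = ?", (blob, row_id))
    (stored,) = conn.execute(
        "SELECT blobcolumn FROM items WHERE id = ?", (row_id,)).fetchone()
    # pickle.loads runs whatever constructors the data names, so call it only
    # on columns that nothing but trusted code can write.
    return blob, pickle.loads(stored)

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, blobcolumn BLOB)")
    conn.executemany("INSERT INTO items (id) VALUES (?)", [(1,), (2,)])
    # Protocol 0 is the text format, the highest protocol is binary.
    text_blob, text_obj = store_and_load(conn, 1, SAMPLE, 0)
    bin_blob, bin_obj = store_and_load(conn, 2, SAMPLE, pickle.HIGHEST_PROTOCOL)
    return text_blob, text_obj, bin_blob, bin_obj

if __name__ == "__main__":
    text_blob, text_obj, bin_blob, bin_obj = demo()
    print("text round-trip ok:  ", text_obj == SAMPLE)
    print("binary round-trip ok:", bin_obj == SAMPLE)
    print("highest byte, text:  ", max(text_blob))
    print("highest byte, binary:", max(bin_blob))
```

With this sample the text pickle stays within 7-bit ASCII but still contains newline bytes, while the binary pickle uses bytes above 127, so the column needs a BLOB type in either case.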





