Escaping characters in MySQLdb query
Bryan Castillo
rook_5150 at yahoo.com
Mon Apr 12 23:11:30 EDT 2004
"Sean Berry" <sean_berry at cox.net> wrote in message
> > I wrote a little script that is inserting thousands of records into a
> mysql
> > database.
> >
> > How do I escape characters like ' in my insert statements?
> >
> > I have something like the following (much shorter) example:
> >
> > c.execute("INSERT INTO records (var1, var2) values ('%s', '%s')"
> %(value1,
> > value2))
> >
> > My problem is when value1 is something like "Tom's auto supply". The ' in
> > Tom's needs to be escaped. How can I do this?
Python 2.3.3 (#51, Dec 18 2003, 20:22:39) [MSC v.1200 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import MySQLdb
>>> print MySQLdb.escape_string.__doc__
escape_string(s) -- quote any SQL-interpreted characters in string s.
Use connection.escape_string(s), if you use it at all.
_mysql.escape_string(s) cannot handle character sets. You are
probably better off using connection.escape(o) instead, since
it will escape entire sequences as well as strings.
>>>
> >
> > Thanks.
> >
> >
More information about the Python-list
mailing list