QuoteSQL

Lawrence D'Oliveiro ldo at geek-central.gen.new_zealand
Tue Sep 26 07:08:57 EDT 2006


In message <slrnehhr52.ln4.sybrenUSE at schuimige.stuvel.eu>, Sybren Stuvel
wrote:

> Lawrence D'Oliveiro enlightened us with:
>> You're proposing two separate functions:
>>
>>     1) quoting of non-wildcard specials
>>     2) quoting of wildcard specials
> 
> I'm suggesting functions based on the role of the string they need to
> escape, not the characters in that string.
> 
>     1) Quoting of wildcard strings for a query using LIKE etc.
>     2) Quoting of values for putting into queries.

You know what, it turns out there is no stupid mistake number 2. Quoted
wildcards can be put through a non-wildcard quoting routine and it will
work. In fact, that's how it should work--the LIKE clause does its own
parsing of the pattern string; I was just being misled by the fact that
MySQL's lexical analyzer was passing through the backslashes in the string
literals because they weren't escaping special characters.

So yes, there should be two separate functions, one for escaping
non-wildcard specials, and one for escaping wildcards.

> You only need the first one, since every database interface that
> follows PEP 249.

You still need the second one, in instances like the QuoteSQLList example I
gave earlier.
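
The two escaping roles discussed in this thread, as an added example that is not part of the original post or of any poster's code. It assumes Python's sqlite3 as a stand-in database (SQLite needs an explicit ESCAPE clause, where MySQL defaults to backslash); `escape_like`, `quote_literal` and the sample rows are hypothetical names and constructed data.

```python
import sqlite3

def escape_like(text, esc="\\"):
    """Wildcard layer: escape % and _ (and the escape character itself)."""
    return "".join(esc + ch if ch in ("%", "_", esc) else ch for ch in text)

def quote_literal(value):
    """Value layer for SQLite string literals, where only ' is special.
    (A MySQL literal quoter would also have to escape backslashes.)"""
    return "'" + value.replace("'", "''") + "'"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (name TEXT)")
    # Constructed sample rows.
    db.executemany("INSERT INTO items VALUES (?)",
                   [("100% cotton",), ("100 percent wool",),
                    ("a_b's",), ("axb's",)])
    return db

def search_bound(db, fragment, escape=True):
    """Substring search with a bound parameter: the driver handles the
    value layer, but the wildcard layer is still the caller's job."""
    pat = "%" + (escape_like(fragment) if escape else fragment) + "%"
    sql = "SELECT name FROM items WHERE name LIKE ? ESCAPE '\\' ORDER BY name"
    return [row[0] for row in db.execute(sql, (pat,))]

def search_inline(db, fragment):
    """Same search with the pattern placed in the SQL text: wildcard
    escaping first, then the result goes through ordinary literal quoting."""
    pat = quote_literal("%" + escape_like(fragment) + "%")
    sql = ("SELECT name FROM items WHERE name LIKE " + pat +
           " ESCAPE '\\' ORDER BY name")
    return [row[0] for row in db.execute(sql)]

if __name__ == "__main__":
    db = make_db()
    print(search_bound(db, "100%", escape=False))  # % acts as a wildcard
    print(search_bound(db, "100%"))                # % matched literally
    print(search_bound(db, "a_b'", escape=False))  # _ matches any character
    print(search_inline(db, "a_b'"))               # both layers applied
```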