QuoteSQL
Duncan Booth
duncan.booth at invalid.invalid
Mon Sep 25 08:54:26 EDT 2006
Lawrence D'Oliveiro <ldo at geek-central.gen.new_zealand> wrote:
>> Indeed. An escaping function should be small and not do all kinds of
>> escaping for different situations at once.
>
> Look at it this way: there is _no_ case where you need escaping of
> wildcards without also escaping other specials.
You need to engage brain before posting:
>>> cursor.execute("select * from example"); pprint(cursor.fetchall())
3L
((1L, "o'neil"), (2L, "o'leary"), (3L, 'new\nline'))
>>> cursor.execute("select * from example where name like concat('%%', %s,
'%%')", "'"); pprint(cursor.fetchall())
2L
((1L, "o'neil"), (2L, "o'leary"))
>>> cursor.execute("select * from example where name like concat('%%', %s,
'%%')", "\\'"); pprint(cursor.fetchall())
2L
((1L, "o'neil"), (2L, "o'leary"))
>>> cursor.execute("select * from example where name like concat('%%', %s,
'%%')", "\n"); pprint(cursor.fetchall())
1L
((3L, 'new\nline'),)
>>> cursor.execute("select * from example where name like concat('%%', %s,
'%%')", "\\n"); pprint(cursor.fetchall())
2L
((1L, "o'neil"), (3L, 'new\nline'))
>>>
The spurious escaping of the apostrophe does no harm, but spuriously
escaping a newline makes the select match the letter 'n' instead of
matching a newline.
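Added example, not part of the original post: it shows the separation Duncan is arguing for, a wildcard-escaping function that touches only `%`, `_` and the escape character and leaves quotes and newlines to the bound parameter. It uses Python's standard sqlite3 module with constructed rows, and SQLite's `LIKE ... ESCAPE '\'` clause stands in for MySQL's default backslash escaping; `contains_naive` reproduces the over-escaping failure from the session above.

```python
import sqlite3

LIKE_ESCAPE = "\\"  # escape character declared in the ESCAPE clause below


def escape_like(term, esc=LIKE_ESCAPE):
    """Escape only LIKE metacharacters: the escape char itself, % and _.
    Quotes, newlines and everything else are left alone; the bound
    parameter delivers them to the database unchanged."""
    # The escape character must be handled first so the backslashes
    # inserted for % and _ are not escaped a second time.
    for ch in (esc, "%", "_"):
        term = term.replace(ch, esc + ch)
    return term


def make_db():
    """In-memory table with constructed sample rows (row 4 holds literal wildcards)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table example (id integer, name text)")
    rows = [(1, "o'neil"), (2, "o'leary"), (3, "new\nline"), (4, "100%_done")]
    conn.executemany("insert into example values (?, ?)", rows)
    return conn


def contains(conn, term):
    """Ids of rows whose name contains `term` as a literal substring."""
    pattern = "%" + escape_like(term) + "%"
    cur = conn.execute(
        "select id from example where name like ? escape '\\' order by id",
        (pattern,),
    )
    return [row[0] for row in cur.fetchall()]


def contains_naive(conn, term):
    """Wrong: also backslash-escapes the newline, as a do-everything escaper
    would. Inside a LIKE pattern the pair '\\n' means the letter n, so a
    search for a newline silently becomes a search for 'n'."""
    pattern = "%" + term.replace("\n", "\\n") + "%"
    cur = conn.execute(
        "select id from example where name like ? escape '\\' order by id",
        (pattern,),
    )
    return [row[0] for row in cur.fetchall()]


if __name__ == "__main__":
    db = make_db()
    print(contains(db, "'"), contains(db, "\n"), contains(db, "_"))
    print(contains_naive(db, "\n"))
```

With the rows above, `contains(db, "\n")` returns only row 3 while `contains_naive(db, "\n")` returns every row containing an 'n'.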