QuoteSQL
Lawrence D'Oliveiro
ldo at geek-central.gen.new_zealand
Sat Sep 23 18:40:26 EDT 2006
In message <451541db$0$4171$ba624c82 at nntp02.dk.telia.net>, Anders J. Munch
wrote:
> Lawrence D'Oliveiro wrote:
>> Why doesn't MySQLdb provide a function like this:
>>
>> def QuoteSQL(Str, DoWild) :
>> """returns a MySQL string literal which evaluates to Str. Needed
>> for those times when MySQLdb's automatic quoting isn't good
>> enough."""
>
> Presumably because you're expected to use placeholders. When is that
> not good enough?
Here's an example:
def QuoteSQLList(TheList) :
"""returns a MySQL list containing the items of TheList, suitable
for use in an "in" clause."""
return \
"(" + ", ".join([QuoteSQL(Str, False) for Str in TheList]) + ")"
#end QuoteSQLList
>> elif Ch == "'" or Ch == "\"" or Ch == "\\" :
>> Ch = "\\" + Ch
>
> Always sad to see an SQL DBMS willfully violate the SQL standard.
Why is that a violation of SQL?
More information about the Python-list
mailing list