QuoteSQL
Duncan Booth
duncan.booth at invalid.invalid
Fri Sep 29 03:16:13 EDT 2006
Lawrence D'Oliveiro <ldo at geek-central.gen.new_zealand> wrote:
> In message <efeqpd$8vh$1 at lust.ihug.co.nz>, LI wrote:
>
>>>>> execfile("QuoteSQL.py")
>>>>> EscapeSQLWild(r"\%")
>> '\\\\%'
>>>>> SQLString("%" + EscapeSQLWild(r"\%") + "%")
>> '"%\\\\\\\\%%"'
>>>>> EscapeSQLWild(r"\%") == r"\\%"
>> True
>>>>> SQLString("%" + EscapeSQLWild(r"\%") + "%") == r'"%\\\\%%"'
>> True
>
> With the correction to EscapeSQLWild, this becomes:
>
>>>> execfile("QuoteSQL.py")
>>>> EscapeSQLWild(r"\%")
> '\\\\\\%'
>>>> SQLString("%" + EscapeSQLWild(r"\%") + "%")
> '"%\\\\\\\\\\\\%%"'
>>>> EscapeSQLWild(r"\%") == r"\\\%"
> True
>>>> SQLString("%" + EscapeSQLWild(r"\%") + "%") == r'"%\\\\\\%%"'
> True
>
True but irrelevant. The point is that it isn't relevant whether you are
seeing 4, 6, 8, or 12 backslashes, because you wrote the code to produce
the number you thought you wanted and you had misunderstood how MySQL
works. That's why it is important in a situation like this to test against
the code that actually uses the string. I had no idea how MySQL would
handle escapes in this situation, but I didn't need to know, I just wrote
some tests and figured out which strings would make them pass or fail.
Anyway, congratulations on finally getting the message.
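
The approach described above, testing an escaping routine against the engine that consumes the string, as an added example that is not part of the original post or of QuoteSQL.py. It assumes SQLite (Python's `sqlite3`) as a stand-in for MySQL, an explicit `ESCAPE '\'` clause, and bound parameters in place of string-literal quoting; `escape_like`, `contains`, `check_all` and the sample rows are hypothetical.

```python
import sqlite3

def escape_like(s, esc="\\"):
    """Escape LIKE metacharacters so that s matches only itself (hypothetical helper)."""
    # The escape character must be handled first, or the backslashes
    # added for % and _ would themselves be doubled.
    for ch in (esc, "%", "_"):
        s = s.replace(ch, esc + ch)
    return s

# Constructed sample rows containing wildcards and backslashes.
ROWS = ["100%", "100x", "a_b", "axb", r"\%", r"\x", r"c:\dir", "plain"]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE t (v TEXT)")
    db.executemany("INSERT INTO t VALUES (?)", [(r,) for r in ROWS])
    return db

def contains(db, needle, escape=escape_like):
    """Rows the engine says contain needle as a literal substring."""
    pattern = "%" + escape(needle) + "%"
    # The pattern is a bound parameter, so only LIKE escaping is under test.
    cur = db.execute(r"SELECT v FROM t WHERE v LIKE ? ESCAPE '\'", (pattern,))
    return sorted(row[0] for row in cur)

def check_all(db, escape=escape_like):
    """Compare the engine's answer with Python's substring test for each needle."""
    failures = []
    for needle in ["%", "_", "\\", r"\%", "0%", "x"]:
        expected = sorted(r for r in ROWS if needle in r)
        got = contains(db, needle, escape)
        if got != expected:
            failures.append((needle, expected, got))
    return failures

if __name__ == "__main__":
    db = make_db()
    print("full escaping, failures:", check_all(db))
    # A variant that escapes only the wildcards and not the backslash.
    wild_only = lambda s: s.replace("%", "\\%").replace("_", "\\_")
    print("wildcards only, failures:", check_all(db, wild_only))
```

The test decides by what the engine returns, not by counting backslashes in the escaped string; against MySQL the same checks would run through its own driver and its default LIKE escape character.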