QuoteSQL
Lawrence D'Oliveiro
ldo at geek-central.gen.new_zealand
Wed Sep 27 05:02:35 EDT 2006
In message <Xns984B5837B9F7Aduncanbooth at 127.0.0.1>, Duncan Booth wrote:
> Lawrence D'Oliveiro <ldo at geek-central.gen.new_zealand> wrote:
>
>> def EscapeSQLWild(Str) :
>>     """escapes MySQL pattern wildcards in Str."""
>>     Result = []
>>     for Ch in str(Str) :
>>         if Ch == "%" or Ch == "_" :
>>             Result.append("\\")
>>         #end if
>>         Result.append(Ch)
>>     #end for
>>     return "".join(Result)
>> #end EscapeSQLWild
>
> That doesn't quite work. If you want to stop wildcards being interpreted
> as such in a string used as a parameter to a query, then you have to
> escape the escape character as well.
That's part of the separation of function. Note that the above function does
not generate a MySQL string literal: you must still put it through the
previously-defined SQLString routine, which will automatically escape all
the specials added by EscapeSQLWild.
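
Added example, not part of the original posts: the LIKE-pattern layer of the escaping discussed in this thread, run in isolation on the case Duncan Booth raises (a search term that itself contains a backslash). It assumes SQLite (Python's `sqlite3`) with an explicit `ESCAPE '\'` clause as a stand-in for MySQL's default backslash escape, and parameter binding in place of the `SQLString` literal step; `escape_like_posted`, `escape_like_full`, `like_matches` and `ROWS` are hypothetical names.

```python
import sqlite3

def escape_like_posted(s):
    """Same behaviour as EscapeSQLWild in the thread: escapes % and _ only."""
    return "".join("\\" + ch if ch in "%_" else ch for ch in str(s))

def escape_like_full(s):
    """Variant that also escapes the escape character (backslash) itself."""
    return "".join("\\" + ch if ch in "\\%_" else ch for ch in str(s))

# Constructed sample rows; "a\\_b" is the four characters a \ _ b.
ROWS = ["100%", "100 percent", "a\\_b", "a\\xb"]

def like_matches(escape, needle, rows):
    """Return the rows matched by LIKE '%<escaped needle>%' ESCAPE '\\'."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE t (v TEXT)")
    db.executemany("INSERT INTO t VALUES (?)", [(r,) for r in rows])
    # The pattern is bound as a parameter, so it reaches LIKE unchanged:
    # only the pattern-escaping layer is being exercised here.
    pattern = "%" + escape(needle) + "%"
    cur = db.execute(
        "SELECT v FROM t WHERE v LIKE ? ESCAPE '\\' ORDER BY rowid", (pattern,)
    )
    result = [row[0] for row in cur]
    db.close()
    return result

if __name__ == "__main__":
    for needle in ("100%", "a\\_b"):
        for escape in (str, escape_like_posted, escape_like_full):
            name = getattr(escape, "__name__", "unescaped")
            print(repr(needle), name, like_matches(escape, needle, ROWS))
```
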