QuoteSQL
Fredrik Lundh
fredrik at pythonware.com
Tue Sep 26 13:13:28 EDT 2006
Dennis Lee Bieber wrote:
> So.. In the case of MySQLdb, one can modify the dictionary of quote
> converters... Seems like one could create a "class" for "LIKE" wildcard
> strings, rather than just pass plain strings, and add that "type" to the
> list of quote converters. That way, one's custom quote function CAN work
> through the regular auto-quote method:
>
> cr.execute(SQL, (LikeType(some_string_with_wildcards),) )
>
> http://mail.python.org/pipermail/python-list/2003-October/189583.html
>
> I believe SQLite has a similar capability -- possibly other DB
> adapters also have a means of attaching converters (in both directions).
using the term "auto-quoting" for bound parameters isn't very portable,
though. intelligent database engines don't even attempt to pass such
data through the SQL parser.
(does MySQL still do that, btw? or has that always been a PHP issue?)
</F>
More information about the Python-list
mailing list