[DB-SIG] My SQLString class
Peter Hunt
floydophone at gmail.com
Wed Aug 25 06:15:27 CEST 2004
Here's a simple class which escapes SQL parameters as a format string,
perhaps someone can improve upon it or use it?
-------------- next part --------------
import types
class SQLString(types.StringType):
ESCAPE_CHARS = r"""'\""""
def _escape_string(self, s):
for c in self.ESCAPE_CHARS:
s = s.replace(c, "\\" + c)
return s
def __mod__(self, value_list):
if type(value_list) == types.ListType or type(value_list) == types.TupleType:
params = ()
for value in value_list:
if type(value) in types.StringTypes:
value = "'%s'" % self._escape_string(value)
params = params + (value,)
return str.__mod__(self,params)
elif type(value_list) == types.DictType:
for k in value_list:
value = value_list[k]
if type(value) in types.StringTypes:
value_list[k] = "\"%s\"" % self._escape_string(value)
return str.__mod__(self,value_list)
elif type(value_list) in types.StringTypes:
return str.__mod__(self,"\"%s\"" % self._escape_string(value_list))
else:
return str.__mod__(self,value_list)
if __name__ == "__main__":
s = SQLString("you %s really %s times %d....!")
print s % ("are","'cool'",10000)
More information about the DB-SIG
mailing list