QuoteSQL
Duncan Booth
duncan.booth at invalid.invalid
Mon Sep 25 08:54:26 EDT 2006
More information about the Python-list mailing list
Lawrence D'Oliveiro <ldo at geek-central.gen.new_zealand> wrote:

>> Indeed. An escaping function should be small and not do all kinds of
>> escaping for different situations at once.
>
> Look at it this way: there is _no_ case where you need escaping of
> wildcards without also escaping other specials.

You need to engage brain before posting:

>>> cursor.execute("select * from example"); pprint(cursor.fetchall())
3L
((1L, "o'neil"), (2L, "o'leary"), (3L, 'new\nline'))
>>> cursor.execute("select * from example where name like concat('%%', %s, '%%')", "'"); pprint(cursor.fetchall())
2L
((1L, "o'neil"), (2L, "o'leary"))
>>> cursor.execute("select * from example where name like concat('%%', %s, '%%')", "\\'"); pprint(cursor.fetchall())
2L
((1L, "o'neil"), (2L, "o'leary"))
>>> cursor.execute("select * from example where name like concat('%%', %s, '%%')", "\n"); pprint(cursor.fetchall())
1L
((3L, 'new\nline'),)
>>> cursor.execute("select * from example where name like concat('%%', %s, '%%')", "\\n"); pprint(cursor.fetchall())
2L
((1L, "o'neil"), (3L, 'new\nline'))
>>>

The spurious escaping of the apostrophe does no harm, but spuriously
escaping a newline makes the select match the letter 'n' instead of
matching a newline.
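
Added example, not part of the original post: the same experiment reproduced with Python's sqlite3 module so that it runs offline, with wildcard escaping kept separate from the literal escaping that parameter binding already makes unnecessary. Assumptions: SQLite stands in for MySQL (so the LIKE needs an explicit ESCAPE clause), one constructed row containing '%' is added, and `escape_like` and `spurious_literal_escape` are hypothetical helper names.

```python
import sqlite3

def escape_like(term, esc="\\"):
    """Escape only the LIKE metacharacters, plus the escape character itself."""
    for ch in (esc, "%", "_"):  # escape character first, so added ones are not doubled
        term = term.replace(ch, esc + ch)
    return term

def spurious_literal_escape(term):
    """Hand-rolled string-literal escaping; redundant once the value is bound."""
    return term.replace("\\", "\\\\").replace("'", "\\'").replace("\n", "\\n")

def setup():
    db = sqlite3.connect(":memory:")
    db.execute("create table example (id integer primary key, name text)")
    # Constructed sample rows: the three from the post plus one with a literal '%'.
    db.executemany("insert into example (name) values (?)",
                   [("o'neil",), ("o'leary",), ("new\nline",), ("100% sure",)])
    return db

def search(db, pattern):
    """Substring search: the driver binds the value, LIKE uses backslash as escape."""
    sql = ("select id from example "
           "where name like '%' || ? || '%' escape '\\' order by id")
    return [row[0] for row in db.execute(sql, (pattern,))]

if __name__ == "__main__":
    db = setup()
    # Wildcard escaping only: each search matches what was typed.
    print(search(db, escape_like("'")))    # apostrophe rows
    print(search(db, escape_like("\n")))   # the newline row
    print(search(db, escape_like("%")))    # only the row with a literal percent sign
    # No wildcard escaping: a bare '%' is a wildcard and matches every row.
    print(search(db, "%"))
    # Literal escaping on top of binding: harmless for the apostrophe,
    # but backslash + 'n' now means the letter n, as in the post.
    print(search(db, spurious_literal_escape("'")))
    print(search(db, spurious_literal_escape("\n")))
```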