Groups | Search | Server Info | Login | Register
Groups > comp.databases.mysql > #7797
| From | "J.O. Aho" <user@example.net> |
|---|---|
| Newsgroups | comp.databases.mysql |
| Subject | Re: Escaping Strings |
| Date | 2024-08-19 11:24 +0200 |
| Message-ID | <ligh9mFb2hjU1@mid.individual.net> (permalink) |
| References | <v748rm$tapm$2@dont-email.me> |
On 16/07/2024 00.46, Lawrence D'Oliveiro wrote:
> In standard SQL, backslashes have no special significance. String literals
> are delimited by single quotes, and any characters (except single quotes)
> are allowed in them; to include a single quote in the string, write it
> twice.
>
> So in Python, this expression is sufficient to turn a string āsā into a
> standard SQL string literal:
>
> "'" + s.replace("'", "''") + "'"
I would looked into using parameterized queries, here is a python example
https://pynative.com/python-mysql-execute-parameterized-query-using-prepared-statement/
--
//Aho
Back to comp.databases.mysql | Previous | Next — Previous in thread | Next in thread | Find similar
Escaping Strings Lawrence D'Oliveiro <ldo@nz.invalid> - 2024-07-15 22:46 +0000
Re: Escaping Strings "J.O. Aho" <user@example.net> - 2024-08-19 11:24 +0200
Re: Escaping Strings Lawrence D'Oliveiro <ldo@nz.invalid> - 2024-08-23 02:33 +0000
Re: Escaping Strings "J.O. Aho" <user@example.net> - 2024-08-23 07:52 +0200
Re: Escaping Strings Lawrence D'Oliveiro <ldo@nz.invalid> - 2024-08-24 22:49 +0000
Re: Escaping Strings "J.O. Aho" <user@example.net> - 2024-08-25 09:27 +0200
Re: Escaping Strings Lawrence D'Oliveiro <ldo@nz.invalid> - 2024-09-05 06:11 +0000
csiph-web