Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Escape string Python for MySQL

Tags:

python

mysql

escaping

I use Python and MySQLdb to download web pages and store them into database. The problem I have is that I can't save complicated strings in the database because they are not properly escaped.

Is there a function in Python that I can use to escape a string for MySQL? I tried with ''' (triple simple quotes) and """, but it didn't work. I know that PHP has mysql_escape_string(), is something similar in Python?

Thanks.

like image 265
Laurențiu Dascălu Avatar asked Sep 01 '10 10:09

Laurențiu Dascălu

4 Answers

conn.escape_string()

See MySQL C API function mapping: http://mysql-python.sourceforge.net/MySQLdb.html

like image 177
miku Avatar answered Nov 15 '22 11:11

miku

The MySQLdb library will actually do this for you, if you use their implementations to build an SQL query string instead of trying to build your own.

Don't do:

sql = "INSERT INTO TABLE_A (COL_A,COL_B) VALUES (%s, %s)" % (val1, val2)
cursor.execute(sql)

Do:

sql = "INSERT INTO TABLE_A (COL_A,COL_B) VALUES (%s, %s)"
cursor.execute(sql, (val1, val2))
like image 36
User Avatar answered Nov 15 '22 11:11

User

 
>>> import MySQLdb
>>> example = r"""I don't like "special" chars ¯\_(ツ)_/¯"""
>>> example
'I don\'t like "special" chars \xc2\xaf\\_(\xe3\x83\x84)_/\xc2\xaf'
>>> MySQLdb.escape_string(example)
'I don\\\'t like \\"special\\" chars \xc2\xaf\\\\_(\xe3\x83\x84)_/\xc2\xaf'
like image 19
Martin Thoma Avatar answered Nov 15 '22 09:11

Martin Thoma

Use sqlalchemy's text function to remove the interpretation of special characters:

Note the use of the function text("your_insert_statement") below. What it does is communicate to sqlalchemy that all of the questionmarks and percent signs in the passed in string should be considered as literals. 

import sqlalchemy
from sqlalchemy import text
from sqlalchemy.orm import sessionmaker
from datetime import datetime
import re

engine = sqlalchemy.create_engine("mysql+mysqlconnector://%s:%s@%s/%s"
     % ("your_username", "your_password", "your_hostname_mysql_server:3306",
     "your_database"),
     pool_size=3, pool_recycle=3600)

conn = engine.connect()

myfile = open('access2.log', 'r')
lines = myfile.readlines()

penguins = []
for line in lines:
   elements = re.split('\s+', line)

   print "item: " +  elements[0]
   linedate = datetime.fromtimestamp(float(elements[0]))
   mydate = linedate.strftime("%Y-%m-%d %H:%M:%S.%f")

   penguins.append(text(
     "insert into your_table (foobar) values('%%%????')"))

for penguin in penguins:
    print penguin
    conn.execute(penguin)

conn.close()
like image 4
Eric Leschinski Avatar answered Nov 15 '22 10:11

Eric Leschinski
Sign in to Comment

Related questions

How to convert string to byte array in Python
How to create a new text file using Python
subprocess wildcard usage
Running Selenium with Headless Chrome Webdriver
TypeError: only length-1 arrays can be converted to Python scalars while trying to exponentially fit data
Python Array with String Indices
How to elegantly check the existence of an object/instance/variable and simultaneously assign it to variable if it exists in python?
Split a string only by first space in python
Remove substring only at the end of string
interactive shell debugging with pycharm
Cross-platform space remaining on volume using python
ConvergenceWarning: Liblinear failed to converge, increase the number of iterations
Python pickling after changing a module's directory
What's a quick one-liner to remove empty lines from a python string?
Efficient way of having a function only execute once in a loop
Which is the best way to check for the existence of an attribute? [duplicate]
What is the difference between int() and floor() in Python 3?
Turn string into operator
Round integers to the nearest 10
Checking if a website is up via Python

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!