Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

python and sqlite - escape input

Using python with a sqlite DB - whats the method used for escaping the data going out and pulling the data coming out?

Using pysqlite2

Google has conflicting suggestions.

like image 217
Wizzard Avatar asked Oct 17 '10 08:10

Wizzard


1 Answers

Use the second parameter args to pass arguments; don't do the escaping yourself. Not only is this easier, it also helps prevent SQL injection attacks.

cursor.execute(sql,args)

for example,

cursor.execute('INSERT INTO foo VALUES (?, ?)', ("It's okay", "No escaping necessary") )
like image 102
unutbu Avatar answered Sep 26 '22 03:09

unutbu