>They escape the string in the manner appropriate to the database
>backend being used. In the above case if you were using MySQL your
>string would become:

Actually they use the parameter binding way of doing it: they pass both the SQL and a list of parameters to the DBAPI and so it's up to the database driver to do the right thing.

bye, Georg
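
The distinction made in the reply above, as an added example (not part of the original message, and not the code of the project being discussed): a hypothetical `build_select` helper produces SQL text containing only placeholders plus a separate parameter list, and hands both to Python's `sqlite3` DB-API driver. The `person` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

# Column names cannot be sent as bound parameters, so they are checked
# against an allowlist instead (constructed schema).
ALLOWED_COLUMNS = {"id", "name", "email"}

def build_select(allowed_columns, **filters):
    """Return (sql, params): SQL with placeholders and the values kept apart."""
    clauses, params = [], []
    for column, value in filters.items():
        if column not in allowed_columns:
            raise ValueError("unknown column: %r" % column)
        # Only a placeholder goes into the SQL text, never the value itself.
        # sqlite3 uses "?" (paramstyle 'qmark'); other drivers use e.g. "%s".
        clauses.append('"%s" = ?' % column)
        params.append(value)
    sql = "SELECT id, name FROM person"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql, params

def run_bound(conn, **filters):
    """Pass SQL and parameters separately; the driver binds the values."""
    sql, params = build_select(ALLOWED_COLUMNS, **filters)
    return conn.execute(sql, params).fetchall()

def run_interpolated(conn, name):
    """Contrast case: the value is pasted into the SQL text before execution."""
    sql = "SELECT id, name FROM person WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()

def make_demo_db():
    """In-memory database with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO person (name, email) VALUES (?, ?)",
                     [("O'Brien", "ob@example.test"), ("Smith", "s@example.test")])
    return conn

if __name__ == "__main__":
    conn = make_demo_db()
    print(build_select(ALLOWED_COLUMNS, name="O'Brien"))
    print(run_bound(conn, name="O'Brien"))
    try:
        run_interpolated(conn, "O'Brien")
    except sqlite3.OperationalError as exc:
        # The quote inside the value is parsed as SQL syntax.
        print("interpolated query failed:", exc)
```
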