Lawrence D'Oliveiro wrote:
> In message <[EMAIL PROTECTED]>, Duncan Booth wrote:
>
>>However, your QuoteSQL messes up every time because it wraps double
>>quotes round the whole string, so it isn't suitable for use with
>>parameterised queries at all. If you care to modify it to work in that
>>situation I think you'll find that the only characters you need to quote
>>are \, % and _.
>
> That won't work--that puts you into stupid mistake number 2.
>
> I think autoquoting is fine as far as it goes. But it cannot cope with
> wildcards, since it can't tell whether the string is being used in a LIKE
> clause without doing its own parsing of the MySQL query. And there are
> situations where you cannot rely on it, as in the QuoteSQLList example I
> gave earlier. This is why my QuoteSQL function cannot be designed to work
> together with autoquoting, but has to be used as a complete replacement for
> it.
>
>>In particular it currently turns newlines into backslash followed by n which
>>(since MySQL ignores the extra backslash escape) is equivalent to turning
>>newlines into the character n.
>
> But \n is valid MySQL syntax for a newline.

Phew. It's a good job that MySQL is the only database in the known universe, then, isn't it.

regards
 Steve
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://holdenweb.blogspot.com
Recent Ramblings http://del.icio.us/steve.holden
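
The approach Duncan Booth describes in the quoted text (escape only `\`, `%` and `_`, then pass the result as a bound parameter) is sketched below as an added example; it is not code from this thread. It assumes Python's standard `sqlite3` module with an explicit `ESCAPE` clause so it runs offline; `escape_like`, `find_containing` and the `notes` table are hypothetical names, and the rows are constructed sample data.

```python
import sqlite3

def escape_like(text, escape="\\"):
    """Escape LIKE metacharacters so that text only matches itself."""
    # The escape character goes first; otherwise the backslashes added
    # in front of % and _ would be doubled on the next pass.
    for ch in (escape, "%", "_"):
        text = text.replace(ch, escape + ch)
    return text

def find_containing(conn, fragment):
    """Return bodies that contain fragment literally (substring search)."""
    pattern = "%" + escape_like(fragment) + "%"
    # Quotes, newlines and other data characters are left to the driver's
    # parameter binding; only the wildcard layer is handled by hand.
    rows = conn.execute(
        "SELECT body FROM notes WHERE body LIKE ? ESCAPE '\\' ORDER BY id",
        (pattern,),
    )
    return [row[0] for row in rows]

def demo_db():
    """Build an in-memory table of constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    samples = [
        "100% done",
        "100 percent done",
        "file_name.txt",
        "fileXname.txt",
        "C:\\temp\\new",
        "line one\nline two",
        "O'Reilly \"quoted\"",
    ]
    conn.executemany("INSERT INTO notes (body) VALUES (?)",
                     [(s,) for s in samples])
    return conn

if __name__ == "__main__":
    db = demo_db()
    for needle in ("100%", "file_name", "\\temp", "one\nline", "O'Reilly \""):
        print(repr(needle), "->", find_containing(db, needle))
```

The same split applies with any DB-API driver: the placeholder style (`?` or `%s`) changes, the escaping function does not.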