In message <[EMAIL PROTECTED]>, Duncan Booth wrote:
> Lawrence D'Oliveiro <[EMAIL PROTECTED]> wrote:
>
>> def EscapeSQLWild(Str) :
>> """escapes MySQL pattern wildcards in Str."""
>> Result = []
>> for Ch in str(Str) :
>> if Ch == "%" or Ch == "_" :
>> Result.append("\\")
>> #end if
>> Result.append(Ch)
>> #end for
>> return "".join(Result)
>> #end EscapeSQLWild
>
> That doesn't quite work. If you want to stop wildcards being interpreted
> as such in a string used as a parameter to a query, then you have to
> escape the escape character as well.
That's part of the separation of function. Note that the above function does
not generate a MySQL string literal: you must still put it through the
previously-defined SQLString routine, which will automatically escape all
the specials added by EscapeSQLWild.
--
http://mail.python.org/mailman/listinfo/python-list
