Lawrence D'Oliveiro <[EMAIL PROTECTED]> wrote:
> In message <[EMAIL PROTECTED]>, LI wrote:
>
>>>>> execfile("QuoteSQL.py")
>>>>> EscapeSQLWild(r"\%")
>> '\\\\%'
>>>>> SQLString("%" + EscapeSQLWild(r"\%") + "%")
>> '"%\\\\\\\\%%"'
>>>>> EscapeSQLWild(r"\%") == r"\\%"
>> True
>>>>> SQLString("%" + EscapeSQLWild(r"\%") + "%") == r'"%\\\\%%"'
>> True
>
> With the correction to EscapeSQLWild, this becomes:
>
>>>> execfile("QuoteSQL.py")
>>>> EscapeSQLWild(r"\%")
> '\\\\\\%'
>>>> SQLString("%" + EscapeSQLWild(r"\%") + "%")
> '"%\\\\\\\\\\\\%%"'
>>>> EscapeSQLWild(r"\%") == r"\\\%"
> True
>>>> SQLString("%" + EscapeSQLWild(r"\%") + "%") == r'"%\\\\\\%%"'
> True
>
True but irrelevant. The point is that it isn't relevant whether you are
seeing 4, 6, 8, or 12 backslashes, because you wrote the code to produce
the number you thought you wanted and you had misunderstood how MySQL
works. That's why it is important in a situation like this to test against
the code that actually uses the string. I had no idea how MySQL would
handle escapes in this situation, but I didn't need to know, I just wrote
some tests and figured out which strings would make them pass or fail.
Anyway, congratulations on finally getting the message.
--
http://mail.python.org/mailman/listinfo/python-list
