DanTheMan
Reputation: 291
Pyodbc query string quote escaping
I'm trying to execute a query using pyodbc with this kind of code
cursor.execute("SELECT x from y where Name='%s'"%namepar)
The parameter may have a quote and so it needs to be escaped in order to work, how do i do thos? I tried by simply replacing " ' " with " \\' " in namepar and it still doesn't work, I get a pyodbc.ProgrammingError
Upvotes: 4
Views: 8378
Answers (2)
Dan Temkin
Reputation: 1605
You could also try putting an extra set of quotes around it. It worked in my use case.
cursor.execute("SELECT x from y where Name=''%s''" % namepar)
Upvotes: -4
falsetru
Reputation: 369074
You can pass parameters, and that will be escaped.
cursor.execute("SELECT x from y where Name = ?", (namepar,))
http://www.python.org/dev/peps/pep-0249/#id15
http://code.google.com/p/pyodbc/wiki/Cursor
Upvotes: 6
Related Questions
- A good way to escape quotes in a database query string?
- string in pypyodbc query not recognised
- Python -SQL String Escape Wildcards
- Python SQL DB string literals and escaping
- How can i escape this string for sql query?
- Python - special characters in SQL statement
- Escaping characters in SQL string for pypyodbc
- In Python how do I escape a single quote within a string that will be used as a SQL statement?
- Python - format single quote in SQL statement PyODBC
- String escape in SQL statement