Azd325
Reputation: 6120
Escape input data for postgres
I writing a python script for inserting of data in my postgres db.
Is in postgres a escape function how I can escape the inserted data?
Upvotes: 2
Views: 1060
Answers (1)
alecxe
Reputation: 473763
Just pass query parameters as a second argument to execute, like:
>>> cur.execute(
... """INSERT INTO some_table (an_int, a_date, a_string)
... VALUES (%s, %s, %s);""",
... (10, datetime.date(2005, 11, 18), "O'Reilly"))
Then, all of the parameters will be properly escaped.
This is because psycopg2 follows Python Database API Specification v2.0 and supports safe parameterized queries.
Also see:
- Parameterized queries with psycopg2 / Python DB-API and PostgreSQL
- psycopg2 equivalent of mysqldb.escape_string?
Upvotes: 5
Related Questions
- How to escape reserved words in Python and Postgres SQL at the same time?
- psycopg2 equivalent of mysqldb.escape_string?
- Prevent sql injection with lists in python
- How to manually escape SQL literals in Python
- How to escape variable in a postgresql insert query into a python script?
- Escaping characters in Python Psycopg2 query
- psycopg2 escaping characters
- How to get sanitized postgres SQL string in python for later use?
- psycopg, double and single quotes insert
- Inserting strings into postgresql through pyscopg2