A good way to escape quotes in a database query string?

Question:

I’ve tried all manner of Python modules and they either escape too much or in the wrong way.
What’s the best way you’ve found to escape quotes (“, ‘) in Python?

Answer #1:

If it’s part of a Database query you should be able to use a Parameterized SQL Statement.

As well as escaping your quotes, this will deal with all special characters and will protect you from SQL injection attacks.

Answered By: Dave Webb
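
The parameterized approach from the answer above, shown as an added example that is not part of the original answer. It assumes Python's standard-library `sqlite3` driver and an in-memory database; the table `notes`, the function names and the sample strings are constructed for illustration.

```python
import sqlite3

# Constructed sample values containing the characters the question asks about.
SAMPLES = ["O'Reilly", 'say "hi"', "it's \"both\"; -- still data", "back\\slash 100%"]

def open_db():
    """Create a throwaway in-memory database with one text column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)")
    return conn

def insert_formatted(conn, body):
    """Anti-pattern: the value is spliced into the SQL text, so a quote in the
    data ends the string literal early. Returns the driver error, or None."""
    try:
        conn.execute("INSERT INTO notes (body) VALUES ('%s')" % body)
        return None
    except sqlite3.Error as exc:
        return str(exc)

def insert_parameterized(conn, body):
    """The SQL text is constant; the value travels separately as a bound
    parameter, so no escaping is needed and the data is never parsed as SQL.
    sqlite3 uses '?' placeholders; other DB-API drivers may use a different
    style (see the driver module's `paramstyle` attribute)."""
    conn.execute("INSERT INTO notes (body) VALUES (?)", (body,))

def count_matching(conn, body):
    """Lookups bind the value the same way."""
    row = conn.execute("SELECT COUNT(*) FROM notes WHERE body = ?", (body,)).fetchone()
    return row[0]

def roundtrip(values):
    """Store every value with bound parameters and read them back unchanged."""
    conn = open_db()
    for value in values:
        insert_parameterized(conn, value)
    stored = [r[0] for r in conn.execute("SELECT body FROM notes ORDER BY id")]
    conn.close()
    return stored

if __name__ == "__main__":
    db = open_db()
    print("formatted insert:", insert_formatted(db, SAMPLES[0]))
    print("parameterized round trip:", roundtrip(SAMPLES) == SAMPLES)
```
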
