1

I understand from the following post that Python equivalent of mysql_real_escape_string can be tested using two lines of code that can be found on the following stack link. I can not get the desired output so I figured I would reopen the discussion for help on my isolated matter.

Related stack overflow link:

Python equivalent of mysql_real_escape_string, for getting strings safely into MySQL?

Why would those two lines of code work for someone but not on my machine?

root@dev:~# python
Python 2.7.10 (default, Oct 14 2015, 16:09:02)
[GCC 5.2.1 20151010] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import MySQLdb
>>> MySQLdb.escape_string("'")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: must be impossible<bad format char>, not str
Improve this question
0

1 Answer 1

Reset to default
1

The answer in that first question could not be more wrong. You should just be using the builtin parameter passing argument to the DB api.

cursor.execute("INSERT INTO candidate (name, address) VALUES  (?,?)",
                (v_dict['name'], v_dict['address']))

It will safely escape the parameters for you.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Why do you think I am getting that error though? It will not accept the string!
no idea, it's a wrapper around a C function, and the mysql dev documentation says 'Do not use this function', so....
I am not using that function! I am using real_escape_string. Call me crazy but the MySQLdb User's Guide mysql-python.sourceforge.net/MySQLdb.html states that mysql_real_escape_string() = conn.escape_string()

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.