Python MySQLdb.escape_string() Examples

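The following are 10 code examples showing how to use MySQLdb.escape_string(). These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. Note that the module-level MySQLdb.escape_string() escapes without reference to a connection's character set and does not add the surrounding quotes; where the driver allows it, passing values as parameters to cursor.execute() avoids building the SQL text by hand.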


Example 1
Project: Wilayah-Administratif-Indonesia   Author: edwardsamuel   File: mdf_mysql_converter.py    License: MIT License 6 votes vote down vote up
def write_provinces(path):
    """Print INSERT statements for the `provinces` table from a CSV file.

    Rows come from csv_to_list(path). A new ``INSERT INTO`` line is started
    every SPLIT_ROWS rows, and each statement is closed with ``;`` on its
    last row (or on the last row of the input).

    Only the second column goes through MySQLdb.escape_string(); the first
    column is placed between quotes as-is.
    NOTE(review): that relies on column 0 never holding a quote or a
    backslash -- confirm for the input data, or escape it as well.
    NOTE(review): the module-level escape_string() does not take a
    connection character set into account.
    """
    write_insert_header("provinces")

    records = csv_to_list(path)
    final_index = len(records) - 1
    for index, record in enumerate(records):
        # Open a fresh statement at the start of every batch.
        if index % SPLIT_ROWS == 0:
            print("INSERT INTO `provinces` VALUES")

        # A batch ends on its last slot or on the very last input row.
        closes_statement = (index == final_index
                            or index % SPLIT_ROWS == SPLIT_ROWS - 1)
        if closes_statement:
            template = "  ('%s', '%s');"
        else:
            template = "  ('%s', '%s'),"
        print(template % (record[0], MySQLdb.escape_string(record[1])))

    write_insert_footer("provinces")
Example 2
Project: asm3   Author: bobintetley   File: mysql.py    License: GNU General Public License v3.0 6 votes vote down vote up
def escape(self, s):
    """Return *s* escaped for embedding in a database query string.

    None yields an empty string. Values accepted by asm3.utils.is_str()
    are escaped and converted back with bytes2str(); values accepted by
    asm3.utils.is_unicode() are round-tripped through UTF-8 around the
    escape call. Any other type reaches ``.replace()`` unescaped and must
    therefore support it.

    The result carries no surrounding quotes.
    NOTE(review): MySQLdb.escape_string() is the module-level helper and
    does not consult the connection character set.
    """
    if s is None:
        return ""

    if asm3.utils.is_str(s):
        # MySQLdb.escape_string can hand back bytes on Python 3.
        escaped = asm3.utils.bytes2str(MySQLdb.escape_string(s))
    elif asm3.utils.is_unicode(s):
        # escape_string wants encoded input: go to UTF-8 bytes, escape,
        # then come back to unicode.
        utf8_bytes = s.encode("utf-8")
        escaped = MySQLdb.escape_string(utf8_bytes).decode("utf-8")
    else:
        escaped = s

    # Historic behaviour kept for compatibility: ASM2 swapped apostrophes
    # for backticks, so no apostrophe is left in the returned value.
    return escaped.replace("'", "`")
Example 3
Project: iOS-private-api-checker   Author: NetEaseGame   File: mysql_escape_warp.py    License: GNU General Public License v2.0 5 votes vote down vote up
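def _str_escape(s, d):
    """Escape one string value; used as a converter for MySQLdb.escape_dict().

    Args:
        s: the value to escape, or None.
        d: the conversion mapping supplied by the caller; not used here.

    Returns:
        An empty string for None, otherwise MySQLdb.escape_string(s).
        The result has no surrounding quotes.

    NOTE(review): the module-level escape_string() does not take a
    connection character set into account.
    """
    # Identity test: "== None" would defer to a custom __eq__ on s.
    if s is None:
        return ''
    return MySQLdb.escape_string(s)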
Example 4
Project: iOS-private-api-checker   Author: NetEaseGame   File: mysql_escape_warp.py    License: GNU General Public License v2.0 5 votes vote down vote up
def mysql_escape(f):
    """Decorator that escapes positional arguments before calling *f*.

    String arguments (byte or unicode) go through MySQLdb.escape_string();
    dict arguments go through MySQLdb.escape_dict() with per-type
    converters; every other positional argument is passed on untouched.

    NOTE(review): keyword arguments are forwarded without any escaping,
    and the escaped values carry no quotes -- the wrapped function still
    has to quote them, and a value used in an unquoted (numeric) position
    is not protected by escaping. Confirm how the wrapped functions build
    their SQL.
    """
    @wraps(f)
    def decorated_function(*args, **kwargs):
        def escape_one(value):
            # Strings, including non-ASCII (e.g. Chinese) text.
            if (type(value) is types.StringType
                    or type(value) is types.UnicodeType):
                return MySQLdb.escape_string(value)

            # Dictionaries: escape string values, leave numbers alone.
            if isinstance(value, dict):
                converters = {
                    types.StringType: _str_escape,
                    types.UnicodeType: _str_escape,
                    types.IntType: _no_escape,
                    types.FloatType: _no_escape
                }
                return MySQLdb.escape_dict(value, converters)

            # Any other type is not escaped.
            return value

        # Escape the arguments first, then run the wrapped function.
        newargs = tuple(escape_one(arg) for arg in args)
        return f(*newargs, **kwargs)
    return decorated_function
Example 5
Project: pykit   Author: bsc-s2   File: mysqlutil.py    License: MIT License 5 votes vote down vote up
def _safe(s):
    """Return str(s), escaped and wrapped in double quotes, as a SQL literal.

    NOTE(review): a double-quoted token is a string literal only while the
    server's sql_mode does not include ANSI_QUOTES; with it enabled the
    same token is read as an identifier. The module-level escape_string()
    also ignores the connection character set.
    """
    quote = '"'
    escaped = MySQLdb.escape_string(str(s))
    return quote + escaped + quote
Example 6
Project: Wilayah-Administratif-Indonesia   Author: edwardsamuel   File: mdf_mysql_converter.py    License: MIT License 5 votes vote down vote up
def write_insert_body(table_name, rows):
    """Print three-column INSERT statements for *table_name* from *rows*.

    A new ``INSERT INTO`` line is started every SPLIT_ROWS rows; each
    statement is closed with ``;`` on its last row (or on the last row of
    *rows*).

    Only the third column goes through MySQLdb.escape_string(); the table
    name and the first two columns are formatted in as-is.
    NOTE(review): that relies on those values never holding a quote,
    backtick or backslash -- confirm for the input data.
    NOTE(review): the module-level escape_string() does not take a
    connection character set into account.
    """
    final_index = len(rows) - 1
    for index, record in enumerate(rows):
        # Open a fresh statement at the start of every batch.
        if index % SPLIT_ROWS == 0:
            print("INSERT INTO `%s` VALUES" % (table_name))

        # A batch ends on its last slot or on the very last input row.
        closes_statement = (index == final_index
                            or index % SPLIT_ROWS == SPLIT_ROWS - 1)
        if closes_statement:
            template = "  ('%s', '%s', '%s');"
        else:
            template = "  ('%s', '%s', '%s'),"
        print(template
              % (record[0], record[1], MySQLdb.escape_string(record[2])))
Example 7
Project: st2incubator   Author: StorminStanley   File: registration_sensor.py    License: Apache License 2.0 5 votes vote down vote up
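def _check_new_registration(self, email):
    """Query user_registration for *email*.

    Args:
        email: the address to look up; treated as untrusted text.

    Returns:
        False when the driver raises MySQLdb.Error (the error is logged at
        info level). In the portion of the method shown here the success
        path falls through and returns None.
    """
    c = self.db.cursor()
    # The value is bound as a query parameter, so the driver quotes and
    # escapes it for this connection. This replaces the earlier manual
    # escape_string() call plus "%s" string formatting, which escaped
    # without reference to the connection character set.
    query = 'SELECT * FROM user_registration WHERE email=%s'
    try:
        c.execute(query, (email,))
        self.db.commit()
    except MySQLdb.Error as e:
        self.logger.info(str(e))
        return False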
Example 8
Project: Malicious_Domain_Whois   Author: h-j-13   File: run.py    License: GNU General Public License v3.0 5 votes vote down vote up
def genstr(str1):
    """Return *str1* as a single-quoted SQL string literal.

    Any falsy value (None, empty string) yields the empty literal ``''``.

    NOTE(review): the module-level escape_string() does not take a
    connection character set into account; passing the value as a query
    parameter would avoid building the literal by hand.
    """
    if not str1:
        return "''"
    return "'" + MySQLdb.escape_string(str1) + "'"
Example 9
Project: Malicious_Domain_Whois   Author: h-j-13   File: run.py    License: GNU General Public License v3.0 5 votes vote down vote up
def genstr(str1):
    """Build a single-quoted SQL string literal from *str1*.

    Falsy input (None, empty string) produces ``''``; anything else is
    escaped with MySQLdb.escape_string() and wrapped in apostrophes.

    NOTE(review): escaping here is done without reference to a connection
    character set; a parameterised query would leave quoting to the driver.
    """
    quote = "'"
    if str1:
        escaped = MySQLdb.escape_string(str1)
        return quote + escaped + quote
    return "''"
Example 10
Project: django-find   Author: knipknap   File: sql.py    License: MIT License 5 votes vote down vote up
def _mk_condition(db_column, operator, data):
    """Build one SQL condition: *db_column* followed by the operator clause.

    The clause template is looked up in operator_map and filled in with
    *data*. Integers are formatted directly; every other value is passed
    through escape_string() and decoded as UTF-8 first.

    Raises:
        Exception: if *operator* has no (truthy) entry in operator_map.

    NOTE(review): db_column is concatenated as-is -- presumably it comes
    from model metadata rather than from user input; confirm at the
    callers. Whether the escaped value ends up inside quotes depends on
    the templates in operator_map, which are not shown here.
    """
    template = operator_map.get(operator)
    if not template:
        raise Exception('unsupported operator:' + str(operator))

    # The author would rather use a prepared statement here, but threading
    # the collected arguments back alongside the SQL string everywhere was
    # judged poor design, and no Django API was found that builds a
    # prepared statement without executing it straight away.
    if isinstance(data, int):
        value = data
    else:
        value = escape_string(data).decode('utf-8')
    return db_column + template.format(value)