Python MySQLdb.escape_string() Examples

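The following are 10 code examples of MySQLdb.escape_string(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may also want to check out all available functions/classes of the module MySQLdb, or try the search function. Note that escape_string() only makes a value safe inside a quoted SQL string literal and, when called at module level, does not take the connection's character set into account; where a cursor is available, passing values as parameters to cursor.execute() is the more robust choice.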
Example #1
Source File: mdf_mysql_converter.py    From Wilayah-Administratif-Indonesia with MIT License 6 votes vote down vote up
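def write_provinces(path):
    """Print the rows of the CSV at *path* as INSERTs into `provinces`.

    Rows are grouped into statements of at most SPLIT_ROWS value tuples.
    The output is preceded by write_insert_header() and followed by
    write_insert_footer().
    """
    write_insert_header("provinces")

    rows = csv_to_list(path)
    last_row = len(rows) - 1
    for counter, row in enumerate(rows):
        if counter % SPLIT_ROWS == 0:
            print("INSERT INTO `provinces` VALUES")
        # A statement ends on the very last row or on the last row of a batch.
        closes_batch = (counter == last_row
                        or counter % SPLIT_ROWS == SPLIT_ROWS - 1)
        terminator = ";" if closes_batch else ","
        # Every column goes through escape_string(), not only the name column,
        # so a quote or backslash in any CSV field cannot end the SQL literal.
        # NOTE(review): the module-level escape_string() ignores the connection
        # character set; confirm the dump is loaded under the encoding it was
        # written in.
        print("  ('%s', '%s')%s" % (
            MySQLdb.escape_string(row[0]),
            MySQLdb.escape_string(row[1]),
            terminator,
        ))

    write_insert_footer("provinces")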
Example #2
Source File: mysql.py    From asm3 with GNU General Public License v3.0 6 votes vote down vote up
def escape(self, s):
        """ Escapes a string value for embedding in a database query.

        Returns "" for None. Byte strings and unicode strings are passed
        through MySQLdb.escape_string(); any other value is left as it is
        before the apostrophe replacement below.

        NOTE(review): the result is only meaningful inside a quoted SQL
        string literal; query parameters are the safer route where the
        caller can use them.
        """
        if s is None:
            return ""
        if asm3.utils.is_str(s):
            # MySQLdb.escape_string can return bytes on python3, so convert back
            escaped = asm3.utils.bytes2str(MySQLdb.escape_string(s))
        elif asm3.utils.is_unicode(s):
            # escape_string is fed UTF-8 bytes and the result is decoded
            # back into unicode before continuing
            escaped = MySQLdb.escape_string(s.encode("utf-8")).decode("utf-8")
        else:
            escaped = s
        # This is historic - ASM2 switched backticks for apostrophes so we do for compatibility
        return escaped.replace("'", "`")
Example #3
Source File: mysql_escape_warp.py    From iOS-private-api-checker with GNU General Public License v2.0 5 votes vote down vote up
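def _str_escape(s, d):
    """Return *s* escaped with MySQLdb.escape_string(), or '' when *s* is None.

    *d* is accepted but never used.
    NOTE(review): presumably *d* is the converter mapping that
    MySQLdb.escape_dict() hands to each converter; verify against the caller.
    """
    # Identity test: `== None` would also match any object whose __eq__
    # claims equality with None.
    if s is None:
        return ''
    return MySQLdb.escape_string(s)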
Example #4
Source File: mysql_escape_warp.py    From iOS-private-api-checker with GNU General Public License v2.0 5 votes vote down vote up
def mysql_escape(f):
    """Decorator that escapes positional arguments before calling *f*.

    Positional arguments whose exact type is str or unicode go through
    MySQLdb.escape_string(); dict arguments go through MySQLdb.escape_dict();
    every other positional argument is passed on untouched.

    Keyword arguments are forwarded exactly as given, i.e. NOT escaped.
    NOTE(review): callers that pass query values by keyword get no escaping
    from this decorator; confirm that is intended.
    """
    @wraps(f)
    def decorated_function(*args, **kwargs):
        def escape_positional(value):
            # Strings, including Chinese (unicode) text. Exact type match:
            # subclasses of str/unicode are not treated as strings here.
            if type(value) in (types.StringType, types.UnicodeType):
                return MySQLdb.escape_string(value)
            # Dictionaries: string values are escaped, ints and floats are
            # handed to _no_escape.
            if isinstance(value, dict):
                return MySQLdb.escape_dict(value, {
                    types.StringType: _str_escape,
                    types.UnicodeType: _str_escape,
                    types.IntType: _no_escape,
                    types.FloatType: _no_escape,
                })
            # Other types are not escaped.
            return value

        # Escape the arguments first, then run the wrapped function.
        escaped_args = tuple(escape_positional(value) for value in args)
        return f(*escaped_args, **kwargs)
    return decorated_function
Example #5
Source File: mysqlutil.py    From pykit with MIT License 5 votes vote down vote up
def _safe(s):
    """Return str(*s*) escaped by MySQLdb.escape_string() inside double quotes.

    NOTE(review): MySQL reads a double-quoted token as a string literal only
    while the ANSI_QUOTES SQL mode is off; confirm the server mode, or prefer
    query parameters where the caller has a cursor.
    """
    escaped = MySQLdb.escape_string(str(s))
    return '"' + escaped + '"'
Example #6
Source File: mdf_mysql_converter.py    From Wilayah-Administratif-Indonesia with MIT License 5 votes vote down vote up
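def write_insert_body(table_name, rows):
    """Print *rows* as batched three-column INSERT statements for *table_name*.

    A new `INSERT INTO ... VALUES` line is started every SPLIT_ROWS rows; each
    statement is closed with ';' on its last row and rows in between end
    with ','.
    """
    last_row = len(rows) - 1
    for counter, row in enumerate(rows):
        if counter % SPLIT_ROWS == 0:
            # NOTE(review): table_name is interpolated between backticks
            # as-is; presumably callers pass fixed table names. Verify.
            print("INSERT INTO `%s` VALUES" % (table_name))
        # A statement ends on the very last row or on the last row of a batch.
        closes_batch = (counter == last_row
                        or counter % SPLIT_ROWS == SPLIT_ROWS - 1)
        terminator = ";" if closes_batch else ","
        # All three columns are escaped, not only the last one, so a quote or
        # backslash in any field cannot end the SQL literal early.
        print("  ('%s', '%s', '%s')%s" % (
            MySQLdb.escape_string(row[0]),
            MySQLdb.escape_string(row[1]),
            MySQLdb.escape_string(row[2]),
            terminator,
        ))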
Example #7
Source File: run.py    From Malicious_Domain_Whois with GNU General Public License v3.0 5 votes vote down vote up
def genstr(str1):
    """Return *str1* as a single-quoted SQL literal, escaped with escape_string().

    Any falsy value (None, empty string) yields the empty literal ''.
    """
    if not str1:
        return "''"
    return "'" + MySQLdb.escape_string(str1) + "'"
Example #8
Source File: run.py    From Malicious_Domain_Whois with GNU General Public License v3.0 5 votes vote down vote up
def genstr(str1):
    """Wrap *str1* in single quotes after MySQLdb.escape_string().

    Falsy input (None or an empty string) produces the empty literal ''.
    """
    # The escape call is only reached for truthy input.
    literal = "'" + MySQLdb.escape_string(str1) + "'" if str1 else "''"
    return literal
Example #9
Source File: sql.py    From django-find with MIT License 5 votes vote down vote up
def _mk_condition(db_column, operator, data):
    """Build the SQL condition text for *db_column*, *operator* and *data*.

    The format template for *operator* is looked up in operator_map; an
    unknown operator raises Exception. Integers are formatted as they are;
    any other value is passed through escape_string() and decoded from UTF-8
    first.
    """
    template = operator_map.get(operator)
    if not template:
        raise Exception('unsupported operator:' + str(operator))

    # A prepared statement would be preferable, but collecting the arguments
    # and passing them back alongside the string everywhere would be awful
    # design. (No Django API was found that generates a prepared statement
    # without already executing it, e.g. django.db.connection.execute().)
    #
    # NOTE(review): db_column is concatenated unescaped, and the escaped value
    # is only safe if the operator_map template places it inside a quoted
    # literal. operator_map is not visible here, so verify. escape_string()
    # also leaves the LIKE wildcards % and _ untouched.
    if isinstance(data, int):
        value = data
    else:
        value = escape_string(data).decode('utf-8')
    return db_column + template.format(value)
Example #10
Source File: registration_sensor.py    From st2incubator with Apache License 2.0 4 votes vote down vote up
def _check_new_registration(self, email):
        email = MySQLdb.escape_string(email)
        c = self.db.cursor()
        query = 'SELECT * FROM user_registration WHERE email="%s"' % email
        try:
            c.execute(query)
            self.db.commit()
        except MySQLdb.Error, e:
            self.logger.info(str(e))
            return False