Python等同于mysql_real_escape_string，用于将字符串安全地放入MySQL? [英] Python equivalent of mysql_real_escape_string, for getting strings safely into MySQL?

问题描述

是否有Python等同于PHP的mysql_real_escape_string?

Is there a Python equivalent of PHP's mysql_real_escape_string?

我正尝试直接从Python向MySQL db中插入一些字符串，并不断被字符串中的引号绊倒.

I'm trying to insert some strings into a MySQL db direct from Python, and keep getting tripped up by quotes in the strings.

mysql_string = "INSERT INTO candidate (name, address) VALUES  " 
for k, v in v_dict.iteritems():
    mysql_string += " ('" + v_dict['name'] + "', '" + v_dict['address'] + "'), "
mysql_string += ";"
cursor.execute(mysql_string)

我已经尝试过re.escape()，但这会转义字符串中的每个非字母数字字符，这不是我所需要的-在这种情况下，我只需要转义单引号(一般来说，其他可能会跳出的内容) MySQL).

I've tried re.escape() but that escapes every non-alphanumeric character in the strings, which isn't what I need - I just need to escape single quotes in this instance (plus more generally anything else that might trip up MySQL).

我想可以手动执行此操作，但是在Python中有更聪明的方法吗?

Could do this manually I guess, but is there a smarter way to do it in Python?

推荐答案

如果您使用的是mysql-python，只需尝试

If you are using mysql-python, just try

MySQLdb.escape_string(SQL)

示例

>>> import MySQLdb
>>> MySQLdb.escape_string("'")
"\\'"

这篇关于Python等同于mysql_real_escape_string，用于将字符串安全地放入MySQL?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！