> never, never, never try quoting on your own! You can only fail. The
> only choice is to fail now or later.
Nonetheless, in case it's useful, here's a barebones wrapper I call on
everything:

import types

def sqlValue (value):
    # Render a Python value as an SQL literal
    if value is None:
        return "NULL"
    elif type(value) == types.StringType:
        # Double embedded single quotes
        value = value.replace("'", "''")
        # This is Postgres-specific - sigh
        value = value.replace("\\", "\\\\")
        return "'" + value + "'"
    elif type(value) == types.UnicodeType:
        # Encoded to UTF-8 and wrapped in quotes as-is
        return "'" + value.encode("UTF-8") + "'"
    else:
        return repr(value)

This has worked for me for several years, although I'm certain someone
will immediately poke holes in it. That's the other reason I posted
it!
- John Burger
MITRE
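
An added example, not part of the original post: a Python 3 port of the wrapper above run next to bound parameters, to show where hand-built literals and driver binding diverge. The function names are hypothetical, the sample values are constructed, and the standard-library sqlite3 module stands in for the database so the comparison runs offline; SQLite treats a backslash inside a string literal as an ordinary character.

```python
import sqlite3

def sql_value(value):
    """Python 3 port of the StringType branch of the posted wrapper (hypothetical name)."""
    if value is None:
        return "NULL"
    if isinstance(value, str):
        value = value.replace("'", "''")
        value = value.replace("\\", "\\\\")  # the Postgres-specific step
        return "'" + value + "'"
    return repr(value)

def unicode_branch(value):
    """Models the posted UnicodeType branch: wraps in quotes, escapes nothing."""
    return "'" + value + "'"

def store_quoted(conn, quoter, value):
    """Build the INSERT by string concatenation, then read the value back."""
    conn.execute("DELETE FROM t")
    conn.execute("INSERT INTO t (v) VALUES (" + quoter(value) + ")")
    return conn.execute("SELECT v FROM t").fetchone()[0]

def store_bound(conn, value):
    """Pass the value as a bound parameter; it is never parsed as SQL text."""
    conn.execute("DELETE FROM t")
    conn.execute("INSERT INTO t (v) VALUES (?)", (value,))
    return conn.execute("SELECT v FROM t").fetchone()[0]

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t (v TEXT)")
    name, path = "O'Reilly", "C:\\temp"  # constructed sample values
    results = {}
    results["quoted_name"] = store_quoted(conn, sql_value, name)
    results["quoted_path"] = store_quoted(conn, sql_value, path)
    try:
        store_quoted(conn, unicode_branch, name)
        results["unicode_name"] = "accepted"
    except sqlite3.OperationalError:
        # The embedded quote ended the literal early and the statement broke.
        results["unicode_name"] = "syntax error"
    results["bound_name"] = store_bound(conn, name)
    results["bound_path"] = store_bound(conn, path)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The hand-quoted path comes back with its backslash doubled because the escaping rule does not match the engine's literal syntax, while the bound value round-trips unchanged. PostgreSQL with standard_conforming_strings turned on treats backslashes in ordinary literals the same way.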