On Tue, Oct 12, 2010 at 9:53 AM, Steve Holden <holden...@gmail.com> wrote:

> ...
> but I can't off-hand remember which ones. If the back-end doesn't allow
> that then you have little option but to generate your own SQL. The
> required escape function is extremely simple:
>
>  def sqlesc(s):
>      return s.replace("'", "''")


Am I going brain dead, or isn't there more than just quotation marks that
need to be replaced?

This code is a back-end processing script, so there is no danger of SQL
injection by anybody (except me).

Nick
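
An added example, not part of the original thread: a check of the quote-doubling function quoted above against SQLite, whose string literals follow the standard SQL rule that only the single quote is special, alongside the same values passed as bound parameters. The sample values and helper names other than `sqlesc` are constructed for illustration; a back-end that also treats backslash as an escape character inside literals would need more than quote doubling.

```python
import sqlite3


def sqlesc(s):
    """Quote doubling as in the quoted message, applied to the argument."""
    return s.replace("'", "''")


def via_literal(conn, value):
    # Hand-built SQL: the escaped value is placed inside a '...' literal.
    sql = "SELECT '" + sqlesc(value) + "'"
    return conn.execute(sql).fetchone()[0]


def via_parameter(conn, value):
    # The driver binds the value separately; no escaping is involved.
    return conn.execute("SELECT ?", (value,)).fetchone()[0]


# Constructed sample values covering characters people worry about.
SAMPLES = [
    "it's",
    "''",
    "a\\'b",            # backslash directly before a quote
    "C:\\tmp\\",        # trailing backslash
    'say "hi" 100%',
    "line one\nline two",
    "",
]


def check_samples():
    """Return (value, literal_ok, parameter_ok) for every sample."""
    conn = sqlite3.connect(":memory:")
    try:
        return [
            (v, via_literal(conn, v) == v, via_parameter(conn, v) == v)
            for v in SAMPLES
        ]
    finally:
        conn.close()


if __name__ == "__main__":
    for value, literal_ok, parameter_ok in check_samples():
        print(repr(value), "literal:", literal_ok, "parameter:", parameter_ok)
```
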
