Eric V. Smith <e...@trueblade.com> added the comment:

re.escape() is designed to only escape characters that have special meaning in 
regular expressions. It is not a general purpose escaping mechanism, and it is 
especially dangerous to use it for building SQL statements.

You should be using parameterized SQL queries. See 
https://en.wikipedia.org/wiki/SQL_injection and for example 
https://stackoverflow.com/questions/1633332/how-to-put-parameterized-sql-query-into-variable-and-then-execute-in-python

In any event, it seems that re.escape() is working as designed, so I'm going to 
close this.

----------
resolution:  -> not a bug
stage: test needed -> resolved
status: open -> closed

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue37106>
_______________________________________
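A worked illustration of the point above, added here as an example and not part of the tracker comment or of CPython: re.escape() backslash-escapes only regex metacharacters, so a single quote in attacker-controlled input reaches the SQL parser intact, whereas a parameterized query hands the value to the driver separately and it is never parsed as SQL. The in-memory sqlite3 database, the `users` table and the sample rows are constructed for the demonstration; the quote-passthrough behaviour assumes Python 3.7 or later, where re.escape() stopped escaping every non-alphanumeric character.

```python
import re
import sqlite3


def build_with_re_escape(username):
    # What the bug report tried: re.escape() escapes regex metacharacters
    # such as . * ( ) [ ] and (since Python 3.7) nothing else, so ' and =
    # pass straight through into the statement text.
    return f"SELECT id, username FROM users WHERE username = '{re.escape(username)}'"


def lookup_unsafe(conn, username):
    # String-built query: a quote in the input terminates the literal and the
    # remainder of the input becomes SQL, re.escape() notwithstanding.
    return conn.execute(build_with_re_escape(username)).fetchall()


def lookup_parameterized(conn, username):
    # Parameterized query: the statement text is fixed and the value is bound
    # by the driver, so it is compared as data, never interpreted as SQL.
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def make_db():
    # Constructed fixture: an in-memory database with two sample users.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users (username) VALUES (?)",
                     [("alice",), ("bob",)])
    conn.commit()
    return conn


if __name__ == "__main__":
    db = make_db()
    # A payload without whitespace, so re.escape() does not even add a
    # backslash before a space: 'x'OR'1'='1 turns the WHERE clause into
    # username = 'x' OR '1'='1', which is true for every row.
    payload = "x'OR'1'='1"
    print("statement built with re.escape():", build_with_re_escape(payload))
    print("unsafe lookup returns:", lookup_unsafe(db, payload))
    print("parameterized lookup returns:", lookup_parameterized(db, payload))
```

Running it shows the string-built query returning every user for the payload while the parameterized query returns no rows, because no user is literally named `x'OR'1'='1`. The same separation of statement and data is what DB-API drivers for PostgreSQL, MySQL and others provide through their own placeholder syntax (`%s`, `:name`), and it is the only approach that does not depend on guessing which characters the target database treats as special.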