Lawrence D'Oliveiro <[EMAIL PROTECTED]> wrote: > In message <[EMAIL PROTECTED]>, Duncan Booth wrote: > >> The spurious escaping of the apostrophe does no harm, but spuriously >> escaping a newline makes the select match the letter 'n' insteal of >> matching a newline. > > And how would you get my QuoteSQL routine, as written, to make the same > mistake you did?
If you think I made a mistake I'm afraid you'll have to tell me what it was. I'm unable to read your mind. However, your QuoteSQL messes up every time because it wraps double quotes round the whole string, so it isn't suitable for use with parameterised queries at all. If you care to modify it to work in that situation I think you'll find that the only characters you need to quote are \, % and _. Quoting anything else would be a mistake. In particular it currently turns newlines in backslash followed by n which (since MySQL ignores the extra backslash escape) is equivalent to turning newlines into the character n. -- http://mail.python.org/mailman/listinfo/python-list