I've tried all manner of Python modules and they either escape too much or in the wrong way. What's the best way you've found to escape quotes (", ') in Python?
asked May 22, 2009 at 9:16
Jonathan Prior
If it's part of a Database query you should be able to use a Parameterized SQL Statement.
As well as escaping your quotes, this will deal with all special characters and will protect you from SQL injection attacks.
answered May 22, 2009 at 9:30
David Webb
Use json.dumps.
>>> import json
>>> print(json.dumps('a"bc'))
"a\"bc"
answered Feb 18, 2013 at 6:25
The easy and standard way to escape strings, and convert other objects to programmatic form, is to use the built-in repr() function. It converts an object into the representation you would need to enter it with manual code.
E.g.:
s = "I'm happy I am \"here\" now"
print(repr(s))
>> 'I\'m happy I am "here" now'
No weird hacks, it's built in and it just works for most purposes.
answered Dec 3, 2012 at 3:27
GregD
Triple single quotes will conveniently encapsulate the single quotes often used in SQL queries:
c.execute('''SELECT sval FROM sdat WHERE instime > NOW() - INTERVAL '1 days' ORDER BY instime ASC''')
answered Jan 30, 2018 at 23:51
Roy
If using psycopg2, its execute() method has built-in escaping:
cursor.execute("SELECT column FROM table WHERE column=%s AND column2=%s", (value1, value2))
Note that you are giving two arguments to the execute method (string and tuple), instead of using Python's % operator to modify the string.
Answer stolen from here: psycopg2 equivalent of mysqldb.escape_string?
answered Jun 18, 2016 at 12:36
ex4
For a solution to a more generic problem, I have a program where I needed to store any set of characters in a flat file, tab delimited. Obviously, having tabs in the 'set' was causing problems.
Instead of output_f.write(str), I used output_f.write(repr(str)), which solved my problem. It is slower to read, as I need to eval() the input when I read it, but overall, it makes the code cleaner because I don't need to check for fringe cases anymore.
answered Mar 11, 2010 at 22:28
Triple-double quotes are best for escaping:
string = """This will span across 'single quotes', "double quotes", and literal EOLs all in the same string."""
answered Jan 27, 2012 at 1:44
For my use case, I was saving a paragraph against the database and somewhere in the paragraph there might have been some text with a single quote (example: Charlie's apple sauce was soggy).
I found this to work best:
database_cursor.execute('''INSERT INTO books.collection (book_name, book_quoted_text) VALUES ('%s', "%s")''' % (book_name, page_text.strip()))
You'll notice that I use "" after wrapping the INSERT statement in '''.
answered May 16, 2019 at 0:51
dataviews
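The difference between the parameterized statements recommended in the answers above and a statement built with Python's % operator, as in the last answer, shown as an added example that is not part of any answer on this page. It assumes Python's standard-library sqlite3 (whose placeholder is ? rather than psycopg2's %s), and the collection table and sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample rows: text containing ', " and both together.
SAMPLES = [
    ("Book A", "Charlie's apple sauce was soggy"),
    ("Book B", 'She said "hello" and left'),
    ("Book C", """It's "both" kinds of quote"""),
]

def make_db():
    # Hypothetical table modelled on the INSERT in the last answer.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE collection (book_name TEXT, book_quoted_text TEXT)")
    return conn

def insert_formatted(conn, book_name, page_text):
    """String-built statement: the value becomes part of the SQL text."""
    sql = ("INSERT INTO collection (book_name, book_quoted_text) "
           "VALUES ('%s', '%s')" % (book_name, page_text))
    conn.execute(sql)

def insert_parameterized(conn, book_name, page_text):
    """Placeholders: the driver passes values separately from the SQL text."""
    conn.execute(
        "INSERT INTO collection (book_name, book_quoted_text) VALUES (?, ?)",
        (book_name, page_text),
    )

def compare():
    """Return (texts that broke the formatted insert, texts read back intact)."""
    broken, stored = [], []
    for name, text in SAMPLES:
        conn = make_db()
        try:
            insert_formatted(conn, name, text)
        except sqlite3.Error:
            broken.append(text)  # a quote in the data ended the SQL literal early
        conn = make_db()
        insert_parameterized(conn, name, text)
        row = conn.execute(
            "SELECT book_quoted_text FROM collection WHERE book_name = ?", (name,)
        ).fetchone()
        if row[0] == text:
            stored.append(text)
    return broken, stored

if __name__ == "__main__":
    print(compare())
```

The two samples containing a single quote fail in the string-built version, while every sample round-trips unchanged through the placeholder version.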