Escape string Python for MySQL

Anonymous (unverified), submitted on 2019-12-03 01:48:02

Question:

I use Python and MySQLdb to download web pages and store them in a database. The problem I have is that I can't save complicated strings in the database because they are not properly escaped.

Is there a function in Python that I can use to escape a string for MySQL? I tried with ''' (triple simple quotes) and """, but it didn't work. I know that PHP has mysql_escape_string(); is there something similar in Python?

Thanks.

Answer 1:

conn.escape_string() 

See MySQL C API function mapping: http://mysql-python.sourceforge.net/MySQLdb.html



Answer 2:

The MySQLdb library will actually do this for you, if you use their implementations to build an SQL query string instead of trying to build your own.

Don't do:

    sql = "INSERT INTO TABLE_A (COL_A,COL_B) VALUES (%s, %s)" % (val1, val2)
    cursor.execute(sql)

Do:

    sql = "INSERT INTO TABLE_A (COL_A,COL_B) VALUES (%s, %s)"
    cursor.execute(sql, (val1, val2))
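
An added example, not part of the original answers, that runs answer 2's two patterns over constructed sample strings and reports which ones are stored unchanged. It assumes the standard-library sqlite3 module as an offline stand-in for MySQLdb, so the placeholder is ? where MySQLdb uses %s; the pages table and the helper names are hypothetical.

```python
import sqlite3

# Constructed sample page bodies (not from the original post).
SAMPLES = [
    "plain text",
    "It's a page with 'single' and \"double\" quotes",
    "<a href='/search?q=100%25'>50% off</a>",
    "line one\nline two -- not a comment; still data",
]

def store_interpolated(conn, body):
    # "Don't do" pattern: the value is pasted into the SQL text itself.
    conn.execute("INSERT INTO pages (body) VALUES ('%s')" % body)

def store_bound(conn, body):
    # "Do" pattern: the value is passed separately and never parsed as SQL.
    # sqlite3 writes the placeholder as "?"; MySQLdb writes it as "%s".
    conn.execute("INSERT INTO pages (body) VALUES (?)", (body,))

def try_store(conn, store, body):
    """Return 'error', 'altered' or 'intact' for one value and one pattern."""
    conn.execute("DELETE FROM pages")
    try:
        store(conn, body)
    except sqlite3.Error:
        return "error"
    (stored,) = conn.execute("SELECT body FROM pages").fetchone()
    return "intact" if stored == body else "altered"

def compare(samples=SAMPLES):
    """Run both patterns over every sample in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (body TEXT)")
    results = [
        (body,
         try_store(conn, store_interpolated, body),
         try_store(conn, store_bound, body))
        for body in samples
    ]
    conn.close()
    return results

if __name__ == "__main__":
    for body, interpolated, bound in compare():
        print("%-10s %-10s %r" % (interpolated, bound, body))
```
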


Answer 3:



Answer 4:

Use sqlalchemy's text function to remove the interpretation of special characters:

Note the use of the function text("your_insert_statement") below. What it does is communicate to sqlalchemy that all of the question marks and percent signs in the passed-in string should be considered as literals.

    import re
    from datetime import datetime

    import sqlalchemy
    from sqlalchemy import text

    engine = sqlalchemy.create_engine(
        "mysql+mysqlconnector://%s:%s@%s/%s"
        % ("your_username", "your_password", "your_hostname_mysql_server:3306",
           "your_database"),
        pool_size=3, pool_recycle=3600)

    conn = engine.connect()

    # Read the whole log file up front and close it again
    with open('access2.log', 'r') as myfile:
        lines = myfile.readlines()

    penguins = []
    for line in lines:
        # Fields are whitespace-separated; the first one is a Unix timestamp
        elements = re.split(r'\s+', line)

        print("item: " + elements[0])
        linedate = datetime.fromtimestamp(float(elements[0]))
        mydate = linedate.strftime("%Y-%m-%d %H:%M:%S.%f")

        # Wrap the statement in text(); the % and ? characters are in the literal
        penguins.append(text(
            "insert into your_table (foobar) values('%%%????')"))

    for penguin in penguins:
        print(penguin)
        conn.execute(penguin)

    conn.close()

