Question
I'm trying to execute a query using pyodbc with this kind of code
cursor.execute("SELECT x from y where Name='%s'"%namepar)
The parameter may have a quote and so it needs to be escaped in order to work, how do I do this? I tried by simply replacing " ' " with " \\' " in namepar and it still doesn't work, I get a pyodbc.ProgrammingError.
Answer 1:
You can pass parameters, and that will be escaped.
cursor.execute("SELECT x from y where Name = ?", (namepar,))
http://www.python.org/dev/peps/pep-0249/#id15
http://code.google.com/p/pyodbc/wiki/Cursor
Source: https://stackoverflow.com/questions/17139487/pyodbc-query-string-quote-escaping
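The difference between the question's string formatting and the answer's bound parameter, as an added example that is not part of the original post. It assumes the standard-library sqlite3 module as a stand-in for pyodbc (both use the PEP 249 `?` qmark style) and a constructed table `y`; the helper names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; table y and columns x, Name follow the question.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE y (x INTEGER, Name TEXT)")
    conn.executemany("INSERT INTO y (x, Name) VALUES (?, ?)",
                     [(1, "Smith"), (2, "O'Brien")])
    return conn

def lookup_formatted(conn, namepar, escape=None):
    # The question's approach: the value is spliced into the SQL text,
    # optionally after replacing each quote with `escape`.
    if escape is not None:
        namepar = namepar.replace("'", escape)
    return conn.execute("SELECT x from y where Name='%s'" % namepar).fetchall()

def lookup_bound(conn, namepar):
    # The answer's approach: the driver binds the value separately,
    # so it is never parsed as part of the statement.
    return conn.execute("SELECT x from y where Name = ?", (namepar,)).fetchall()

def outcome(fn, *args, **kwargs):
    # Return the rows, or the exception class name if the statement fails.
    try:
        return sorted(fn(*args, **kwargs))
    except sqlite3.Error as exc:
        return type(exc).__name__

if __name__ == "__main__":
    conn = make_db()
    name = "O'Brien"
    print("formatted, raw      :", outcome(lookup_formatted, conn, name))
    # Backslash is not a quote escape in standard SQL string literals.
    print("formatted, \\' escape:", outcome(lookup_formatted, conn, name, escape="\\'"))
    # Doubling the quote parses, but relies on every caller remembering it.
    print("formatted, '' escape:", outcome(lookup_formatted, conn, name, escape="''"))
    print("bound parameter     :", outcome(lookup_bound, conn, name))
    # A value containing SQL syntax changes the formatted statement's meaning,
    # while the bound version compares it as a plain string.
    odd = "x' OR '1'='1"
    print("formatted, odd value:", outcome(lookup_formatted, conn, odd))
    print("bound, odd value    :", outcome(lookup_bound, conn, odd))
```

The error class differs by driver (sqlite3 raises OperationalError where the question reports pyodbc.ProgrammingError), but the cause is the same unbalanced string literal.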