A good way to escape quotes in a database query string?

Backend · Unresolved · 9 · 1263
暖寄归人 2020-12-09 07:49

I've tried all manner of Python modules and they either escape too much or in the wrong way. What's the best way you've found to escape quotes (", ') in Python?

9 answers
  •  余生分开走
    2020-12-09 08:38

    If using psycopg2, its execute() method has built-in escaping:

    # Two arguments: the SQL with %s placeholders, and a tuple of the values to bind
    cursor.execute("SELECT column FROM table WHERE column=%s AND column2=%s", (value1, value2))

    Note that you are giving two arguments to the execute method (a string and a tuple), instead of using Python's % operator to modify the string.

    Answer stolen from here: psycopg2 equivalent of mysqldb.escape_string?
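An added example (not from the original answer) showing why the two-argument form matters, using the standard-library sqlite3 module instead of psycopg2 so it runs without a database server; sqlite3 uses "?" placeholders where psycopg2 uses "%s", but the principle is the same. The table contents are constructed sample data.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory sample table (assumption: names and roles are made up)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("O'Brien", "user"), ("bob", "user")],
    )
    return conn


def find_role_formatted(conn: sqlite3.Connection, name: str):
    """The fragile approach: splicing the value into the SQL with Python's % operator.
    A quote inside `name` terminates the SQL string literal early, so the query
    no longer means what the caller intended."""
    query = "SELECT role FROM users WHERE name='%s'" % name
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def find_role_parameterized(conn: sqlite3.Connection, name: str):
    """The approach the answer recommends: the SQL and the values are passed as
    two separate arguments, and the driver does the quoting. The value is always
    treated as data, never as SQL, so no escaping is needed in Python."""
    row = conn.execute("SELECT role FROM users WHERE name=?", (name,)).fetchone()
    return row[0] if row else None


def compare(name: str):
    """Run both variants on a fresh database and return
    (formatted_result, parameterized_result). If the formatted query fails to
    parse, its slot holds the exception class name instead of a role."""
    conn = make_db()
    try:
        formatted = find_role_formatted(conn, name)
    except sqlite3.Error as exc:
        formatted = type(exc).__name__
    return formatted, find_role_parameterized(conn, name)


if __name__ == "__main__":
    for candidate in ("alice", "O'Brien", 'say "hi"'):
        print(repr(candidate), "->", compare(candidate))
```

With the apostrophe in O'Brien, the formatted query is rejected by the SQL parser while the parameterized query simply finds the row; double quotes are harmless in both, since they are not string delimiters in SQL.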
