Python sqlite escape single quote
I have a python script that reads raw movie text files into an sqlite database. I use re.escape(title) to add escape chars into the strings to make them db safe before executing the inserts. Why does this not work:
Yet this works (removed \' in two places) :
I can't figure it out. I also can't ditch those leading quotes because they're actually part of the movie title. Thank you.
Lesmana 24.5k8 gold badges80 silver badges86 bronze badges asked Jul 10, 2010 at 16:41
rajat banerjeerajat banerjee 1,1982 gold badges11 silver badges19 bronze badges You're doing it wrong. Literally. You should be using parameters, like this:
Like that, you won't need to do any quoting at all and (if those values are coming from anyone untrusted) you'll be 100% safe (here) from SQL injection attacks too. answered Jul 10, 2010 at 16:48
Donal FellowsDonal Fellows 128k18 gold badges141 silver badges209 bronze badges 9
Note that answered Jul 10, 2010 at 17:08
Alex MartelliAlex Martelli 824k163 gold badges1203 silver badges1380 bronze badges SQLite doesn't support backslash escape sequences. Apostrophes in string literals are indicated by doubling them: But, like Donal said, you should be using parameters. answered Jul 13, 2010 at 5:47
I've one simple tip you could use to handle this problem: When your SQL statement string has single quote:', then you could use double quote to enclose your statement string. And when your SQL statement string has double quotes:", then you could use single quote:" to enclose your statement string. E.g.
Or,
This solution works for me in Python environment. answered Aug 10, 2016 at 8:23
Clock ZHONGClock ZHONG 7357 silver badges22 bronze badges 3 I am using sqlite3 and created tables for the hybrid mobile applications. While executing insert query, it shows below error.
the line is,
The issue is about escape character for a single quote. I also tried double escaping the single quote (using \\\' instead of \' ), but that ain't work either. What did I miss? #sqlite #database |