Revision 643
Added by Aaron Marcuse-Kubitza almost 13 years ago
| lib/sql.py | ||
|---|---|---|
| 36 | 36 |
if re.search(r'\W', name) != None: raise NameException('Name "'+name
|
| 37 | 37 |
+'" may contain only alphanumeric characters and _') |
| 38 | 38 |
|
| 39 |
def esc_name(db, name): |
|
| 40 |
module = util.root_module(db) |
|
| 41 |
if module == 'psycopg2': quote = '"' |
|
| 42 |
elif module == 'MySQLdb': quote = '`' |
|
| 43 |
else: raise NotImplementedError("Can't escape names for "+module+
|
|
| 44 |
' database') |
|
| 45 |
return quote + name.replace(quote, '') + quote |
|
| 46 |
|
|
| 39 | 47 |
def run_query(db, query, params=None): |
| 40 | 48 |
cur = db.cursor() |
| 41 | 49 |
try: cur.execute(query, params) |
Also available in: Unified diff
sql.py: Added esc_name() to escape identifiers like column names