I writing a python script for inserting of data in my postgres db.
Is in postgres a escape function how I can escape the inserted data?
Asked
Active
Viewed 1,014 times
1 Answers
5
Just pass query parameters as a second argument to execute, like:
>>> cur.execute(
... """INSERT INTO some_table (an_int, a_date, a_string)
... VALUES (%s, %s, %s);""",
... (10, datetime.date(2005, 11, 18), "O'Reilly"))
Then, all of the parameters will be properly escaped.
This is because psycopg2 follows Python Database API Specification v2.0 and supports safe parameterized queries.
Also see:
