
I have a SQL statement as a string in Python:

```python
"""SELECT * FROM table WHERE keyword = '{keyword}'""".format(keyword=term)
```

Currently the above works for most terms, except those that have an apostrophe, which I understand is due to the double quote.

`term = 'cat'` is OKAY

`term = 'cat's ball'` is NOT OKAY

How can I format this string properly to allow for apostrophes in the term string being passed to format?

Melanie
  • By not using `.format` in the first place, but rather the correct way to escape SQL given the library you're using. Show us how you're executing this SQL. – Alex Hall Nov 07 '16 at 19:54
  • I am using it with `pandas` function `pd.read_sql`. – Melanie Nov 07 '16 at 19:57
  • Then see http://stackoverflow.com/a/24418294/2482744 and [the docs of `read_sql`](http://pandas.pydata.org/pandas-docs/stable/generated/pandas.read_sql.html). – Alex Hall Nov 07 '16 at 20:01
  • Do you still want a copy-and-paste code example, or are you good? – Eugene Nov 07 '16 at 20:31
  • I'm good. Just took away `.format` and instead used the `params` argument of `pd.read_sql()` – Melanie Nov 07 '16 at 22:06

0 Answers
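The fix reached in the comments, as an added example that is not code from the original thread: the question's `.format` query beside a bound-parameter query, run against an in-memory SQLite database. The `items` table, the sample rows and the function names are assumptions made for the illustration, and the `?` placeholder is SQLite's style (other drivers use `%s` or `:name`).

```python
import sqlite3

# Constructed sample rows; the table and column names are assumptions.
ROWS = [("cat",), ("cat's ball",), ("dog",)]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (keyword TEXT)")
    conn.executemany("INSERT INTO items (keyword) VALUES (?)", ROWS)
    return conn


def search_formatted(conn, term):
    """The question's approach: the term becomes part of the SQL text."""
    sql = ("SELECT keyword FROM items WHERE keyword = '{keyword}' "
           "ORDER BY keyword").format(keyword=term)
    return [row[0] for row in conn.execute(sql)]


def search_params(conn, term):
    """Bound parameter: the value travels separately from the SQL text."""
    sql = "SELECT keyword FROM items WHERE keyword = ? ORDER BY keyword"
    # pandas equivalent: pd.read_sql(sql, conn, params=(term,))
    return [row[0] for row in conn.execute(sql, (term,))]


def compare(term):
    """Return (result of the formatted query, result of the bound query)."""
    conn = make_db()
    try:
        formatted = search_formatted(conn, term)
    except sqlite3.Error as exc:
        formatted = "error: {}".format(exc)
    return formatted, search_params(conn, term)


if __name__ == "__main__":
    # The last term is constructed to show a quote changing the query's meaning.
    for term in ("cat", "cat's ball", "x' OR '1'='1"):
        print(repr(term), "->", compare(term))
```

With the formatted query an apostrophe either breaks the statement or rewrites its `WHERE` clause; with the bound parameter the same terms are only ever compared as values.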