[Twisted-Python] quoting strings in db transactions
andrew-twisted at puzzling.org
Tue Feb 18 19:29:07 EST 2003

On Tue, Feb 18, 2003 at 05:08:23PM +0100, Federico Di Gregorio wrote:
> hi *,
> i'm going through the twisted.enterprise python code and i find almost
> everywhere comments as:
> Make a string safe to include in an SQL statement
> escape_string(self, text)
> Escape a string for use in an SQL statement.
> imho, this is plain wrong. twisted uses dbapi compliant adapters and
> they *should* provide safe argument quoting (as per DBAPI-2.0.) it is
> almost impossible to manage the quoting the right way for every db
> adapter, but it is possible to call the driver the right way and let it
> do the quoting.

They should provide it -- but they provide it differently, which
unfortunately DBAPI-2.0 allows. See the docs for the 'paramstyle' module
I don't see any sane way to provide safe automatic quoting in adbapi, but
I'd love to be proved wrong.

> also, how mature is the enterprise code? is it a stable API or
> is there space for contributions?

The module and package docstrings don't have a "Stability: ..." line, so
the API is officially unstable. Patches are welcome :)
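
One way to hand values to the driver despite the differing PEP 249 paramstyle values discussed in this thread, shown with sqlite3. This is an added example, not code from the post or from Twisted; bind and demo are hypothetical helpers, and it assumes no ':name' text appears inside an SQL string literal.

```python
import re
import sqlite3

_PLACEHOLDER = re.compile(r"(?<!:):([A-Za-z_]\w*)")  # :name, but not ::cast

def bind(sql, params, paramstyle):
    """Rewrite :name placeholders into the driver's PEP 249 paramstyle.

    Returns (sql, args) for cursor.execute(); values are never spliced into
    the SQL text. Assumption: the statement has no ':name' inside a literal.
    """
    if paramstyle not in ("qmark", "numeric", "named", "format", "pyformat"):
        raise ValueError("unknown paramstyle: %r" % (paramstyle,))
    positional = paramstyle in ("qmark", "numeric", "format")
    args = [] if positional else {}

    def replace(match):
        name = match.group(1)
        value = params[name]  # KeyError if the caller forgot a parameter
        if not positional:
            args[name] = value
            return ":" + name if paramstyle == "named" else "%(" + name + ")s"
        args.append(value)
        if paramstyle == "qmark":
            return "?"
        if paramstyle == "numeric":
            return ":%d" % len(args)
        return "%s"

    if paramstyle in ("format", "pyformat"):
        sql = sql.replace("%", "%%")  # literal % must be doubled for these styles
    return _PLACEHOLDER.sub(replace, sql), (tuple(args) if positional else args)

def demo():
    """Store a constructed hostile value through sqlite3 (paramstyle 'qmark')."""
    hostile = "x'); DROP TABLE users; --"  # constructed sample input
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    sql, args = bind("INSERT INTO users (name) VALUES (:name)",
                     {"name": hostile}, sqlite3.paramstyle)
    conn.execute(sql, args)  # the driver binds the value; no escaping here
    return conn.execute("SELECT name FROM users").fetchall()

if __name__ == "__main__":
    print(demo())
```
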