[Twisted-Python] quoting strings in db transactions

Andrew Bennetts andrew-twisted at puzzling.org
Tue Feb 18 19:29:07 EST 2003

On Tue, Feb 18, 2003 at 05:08:23PM +0100, Federico Di Gregorio wrote:
> hi *,
> i'm going through the twisted.enterprise python code and i find almost
> everywhere commens as:
>         safe(text) 
>         Make a string safe to include in an SQL statement
> or 
>         escape_string(self, text) 
>         Escape a string for use in an SQL statement.
> imho, this is plain wrong. twisted uses dbapi compliant adapters and
> they *should* provide safe argument quoting (as per DBAPI-2.0.) it is
> almost impossible to manage the quoting the right way for every db
> adapter, but it is possible to call the driver the right way and let it
> do the quoting.

They should provide it -- but they provide it differently, which
unfortunately DBAPI-2.0 allows.  See the docs for the 'paramstyle' module
attribute at:

I don't see any sane way to provide safe automatic quoting in adbapi, but
I'd love to be proved wrong.

> also, how much mature is the enterprise code? it is a stable API or
> there is space for contributions?

The module and package docstrings don't have a "Stability: ..." line, so
the API is officially unstable.  Patches are welcome :)


More information about the Twisted-Python mailing list