The Patches for Non-standard SQLs
If you are using MySQL or SQLite, you will need one of the patches here. Just import them.
For MySQL — mosql.mysql
It applies the MySQL-specific behavior to mosql.util.
The usage:
import mosql.mysql
If you want to patch again:
mosql.mysql.patch()
It will replace the functions in mosql.util with its functions.
mosql.mysql.escape(s)
This function escapes s so that it can be embedded in an executable SQL statement.
>>> print(escape('\0\n\r\\\'\"\x1A\b\t'))
\0\n\r\\\'\"\Z\b\t
>>> tmpl = "select * from person where person_id = '%s';"
>>> evil_value = "' or true; --"
>>> print(tmpl % escape(evil_value))
select * from person where person_id = '\' or true; --';
mosql.mysql.fast_escape(s)
This function only escapes the \ (backslash) and ' (single-quote).
It is enough for security and correctness, and it is 50x faster than escape(), so it is used to replace mosql.util.escape() after you import this module.
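Why the backslash has to be escaped along with the single quote on MySQL, as an added example (not MoSQL's code): a small reader for MySQL string literals, assuming MySQL's default mode, where backslash is an escape character. The names ansi_escape, mysql_min_escape, read_mysql_literal and embed are hypothetical stand-ins, and quote doubling as the unpatched baseline is an assumption.

```python
# Added illustration: stand-in helpers, not MoSQL's source code.

def ansi_escape(s):
    """ANSI-style escaping: double every single quote (assumed baseline)."""
    return s.replace("'", "''")

def mysql_min_escape(s):
    """The two characters the page names: backslash first, then single quote."""
    return s.replace("\\", "\\\\").replace("'", "\\'")

def read_mysql_literal(sql, start):
    """Read one '...' literal as MySQL does with backslash escapes enabled.
    Simplified: an escaped character is kept as-is (\\n, \\0 are not decoded).
    Returns (decoded_value, index_just_past_closing_quote)."""
    if sql[start] != "'":
        raise ValueError("no opening quote at index %d" % start)
    out, i = [], start + 1
    while i < len(sql):
        c = sql[i]
        if c == "\\" and i + 1 < len(sql):          # backslash escape
            out.append(sql[i + 1])
            i += 2
        elif c == "'" and sql[i + 1:i + 2] == "'":  # doubled quote
            out.append("'")
            i += 2
        elif c == "'":                              # closing quote
            return "".join(out), i + 1
        else:
            out.append(c)
            i += 1
    raise ValueError("unterminated string literal")

def embed(escape, value):
    """Put value into the page's template; return (value as MySQL reads it,
    SQL text left outside the literal). Only ';' should be left outside."""
    sql = "select * from person where person_id = '%s';" % escape(value)
    decoded, end = read_mysql_literal(sql, sql.index("'"))
    return decoded, sql[end:]

PAGE_VALUE = "' or true; --"          # evil_value from the page
BACKSLASH_VALUE = "\\" + PAGE_VALUE   # constructed: page value behind a backslash

if __name__ == "__main__":
    for esc in (ansi_escape, mysql_min_escape):
        for v in (PAGE_VALUE, BACKSLASH_VALUE):
            print(esc.__name__, repr(v), "->", embed(esc, v))
```

With quote doubling alone, the constructed backslash value ends the literal after one character and the rest is read as SQL; with both characters escaped, the value round-trips and only the template's `;` remains outside.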
For SQLite — mosql.sqlite
It applies the SQLite-specific behavior to mosql.util.
The usage:
import mosql.sqlite
If you want to patch again:
mosql.sqlite.patch()
It will replace the functions in mosql.util with its functions.
Back to Standard — mosql.std
It applies the standard functions to mosql.util.
The usage:
import mosql.std
If you want to patch again:
mosql.std.patch()
It will replace the functions in mosql.util with the original standard functions.
New in version 0.10.