The Patches for Non-standard SQLs
If you are using MySQL or SQLite, you will need one of the patches here. Just import them.
For MySQL — mosql.mysql
It applies the MySQL-specific stuff to mosql.util.
The usage:
import mosql.mysql
If you want to patch again:
mosql.mysql.patch()
It will replace the functions in mosql.util with its functions.
mosql.mysql.escape(s)
This function escapes s for use in an executable SQL statement.
>>> print(escape('\0\n\r\\\'\"\x1A\b\t'))
\0\n\r\\\'\"\Z\b\t
>>> tmpl = "select * from person where person_id = '%s';"
>>> evil_value = "' or true; --"
>>> print(tmpl % escape(evil_value))
select * from person where person_id = '\' or true; --';
mosql.mysql.fast_escape(s)
This function only escapes the \ (backslash) and ' (single-quote). It is enough for security and correctness, and it is 50x faster than escape(), so it replaces mosql.util.escape() after you import this module.
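Why the patch matters on MySQL, as an added example that is not MoSQL's own code: a small scanner for single-quoted literals checks whether an escaped value stays inside the literal of the template used above. The helper names, the quote-doubling rule assumed for the standard escape, and the two constructed sample values are assumptions of this example; it also assumes MySQL's default behaviour of treating backslash as an escape character inside string literals.

```python
# Added illustration; these helpers are hypothetical, not MoSQL's source code.
TMPL = "select * from person where person_id = '%s';"  # template from the page


def std_escape(s):
    """Standard SQL rule (assumed): a quote in a literal is written twice."""
    return s.replace("'", "''")


def mysql_style_escape(s):
    """The rule the page gives for fast_escape: backslash and single quote only."""
    return s.replace("\\", "\\\\").replace("'", "\\'")


def literal_end(sql, start, backslash_escapes):
    """Index just past the quote closing the literal opened at sql[start], or -1."""
    i = start + 1
    while i < len(sql):
        if backslash_escapes and sql[i] == "\\":
            i += 2                      # backslash consumes the next character
        elif sql[i] == "'" and sql[i + 1:i + 2] == "'":
            i += 2                      # doubled quote is one literal quote
        elif sql[i] == "'":
            return i + 1                # closing quote
        else:
            i += 1
    return -1                           # ran off the end: unterminated literal


def contained(value, escaper, backslash_escapes=True):
    """True if the escaped value stays inside the single literal of TMPL."""
    sql = TMPL % escaper(value)
    end = literal_end(sql, sql.index("'"), backslash_escapes)
    return end != -1 and sql[end:] == ";"


if __name__ == "__main__":
    samples = ["' or true; --",   # evil_value from the page
               "C:\\temp\\",      # constructed: trailing backslash
               "it\\'s"]          # constructed: backslash before a quote
    for v in samples:
        print(repr(v),
              "std on MySQL:", contained(v, std_escape),
              "patched on MySQL:", contained(v, mysql_style_escape),
              "patched on standard:", contained(v, mysql_style_escape, False))
```

The last column shows the reverse mismatch: backslash-style escaping read under standard string rules no longer contains the page's evil_value, so the escaping that is loaded must match the database in use.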
For SQLite — mosql.sqlite
It applies the SQLite-specific stuff to mosql.util.
The usage:
import mosql.sqlite
If you want to patch again:
mosql.sqlite.patch()
It will replace the functions in mosql.util with its functions.
Back to Standard — mosql.std
It applies the standard functions to mosql.util.
The usage:
import mosql.std
If you want to patch again:
mosql.std.patch()
It will replace the functions in mosql.util with original standard functions.
New in version 0.10.