[Zope-DB] Properly quoting string in ZSQLMethod for Postgresql (psycopg2)

Maciej Zięba krokodylek at tenbit.pl
Wed Aug 9 06:53:49 EDT 2006


Hi :)

I need to insert a python string into Postgresql's text field. I'm using
a ZSQLMethod with ZPsycopgDA and the template looks like this:


'INSERT INTO records (zope_id, title, long_description)
VALUES (<dtml-sqlvar zope_id type="string">,
<dtml-sqlvar title type="string">,
<dtml-sqlvar long_description type="string">)'


long_description is the text field.

With most of my data it works fine, but there are some "long
descriptions" that are really complicated with lots of quotes (both
singular ', as well as double ") and what's worse - they have SQL syntax
inside!

For those descriptions my ZSQLMethod fails with "Programming Error" :(

I really don't know what to do... I've read about dollar-quoting:

http://www.postgresql.org/docs/8.1/static/sql-syntax.html#SQL-SYNTAX-CONSTANTS

but simply adding '$$' at the beginning and at the end of the
description does nothing.

How can I insert such strings into the database? I really need help. Any
suggestions are really appreciated.

Best regards,
Maciej


More information about the Zope-DB mailing list