Can you build something like

    def new_sql_string(var_to_regex):
        var_to_regex = re....
        sql_str = "SELECT....
        sql_str += "more sql %s " % var_to_regex
        return sql_str

?
Since you're regex'ing the input, you should be safe to use the %s, especially if
you're using the built-in web safe layer in import web (vars={....})?
On Tue, Jun 29, 2010 at 11:11 PM, Oskar <[email protected]> wrote:
> Hey!
>
> I'm putting together an SQL statement and I want to escape user input
> strings, but I don't want ' ' surrounding them, because they are part
> of a regexp. Is there a way to get rid of the ' ' or is there another
> way to escape user input?
>
> --
> You received this message because you are subscribed to the Google Groups
> "web.py" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected] <webpy%[email protected]>.
> For more options, visit this group at
> http://groups.google.com/group/webpy?hl=en.
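
An added example, not code from either poster or from web.py: it contrasts formatting user input into the SQL text with passing the finished regexp as a bound parameter, which needs no surrounding quotes in the pattern itself. Assumptions: the standard-library sqlite3 module with a registered REGEXP function stands in for the poster's database, the table and rows are constructed, and re.escape follows Python's regex syntax (a database's own regexp dialect may differ). In web.py the bound form would be db.query("... REGEXP $pat", vars={'pat': pattern}).

```python
import re
import sqlite3


def regexp(pattern, value):
    # SQLite evaluates "value REGEXP pattern" as regexp(pattern, value).
    if value is None:
        return 0
    return 1 if re.search(pattern, value) else 0


def make_db():
    # Constructed sample data (assumption, not from the thread).
    db = sqlite3.connect(":memory:")
    db.create_function("REGEXP", 2, regexp)
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)",
                   [("alice",), ("albert",), ("bob",), ("a.c",)])
    return db


def find_interpolated(db, prefix):
    # Same shape as the snippet in the reply: input becomes part of the SQL text,
    # so a quote in the input ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name FROM users WHERE name REGEXP '^%s' ORDER BY name" % prefix
    return [row[0] for row in db.execute(sql)]


def find_bound(db, prefix):
    # Build the whole pattern in Python, then bind it as one parameter.
    # re.escape makes the user-supplied part a literal inside the regexp.
    pattern = "^" + re.escape(prefix)
    sql = "SELECT name FROM users WHERE name REGEXP ? ORDER BY name"
    return [row[0] for row in db.execute(sql, (pattern,))]


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing quotes
    print(find_interpolated(db, hostile))  # predicate rewritten: every row
    print(find_bound(db, hostile))         # treated as data: no rows
    print(find_interpolated(db, "a."))     # "." acts as a wildcard
    print(find_bound(db, "a."))            # "." matched literally
```

The bound version never places the input inside the SQL text, so quoting is the driver's job and the regexp metacharacters are the only thing left to neutralise.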