Using Python with a SQLite DB - what's the method used for escaping the data going out and pulling the data coming out?
Using pysqlite2
Google has conflicting suggestions.
Use the second parameter args to pass arguments; don't do the escaping yourself. Not only is this easier, it also helps prevent SQL injection attacks.
cursor.execute(sql,args)
For example:
cursor.execute('INSERT INTO foo VALUES (?, ?)', ("It's okay", "No escaping necessary"))
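An added example, not part of the original answer: it contrasts bound parameters with string formatting on the answer's `foo` table and shows that values come back out unchanged. It assumes the standard-library `sqlite3` module, which exposes the same DB-API `execute(sql, args)` call as pysqlite2; the helper names and sample values are constructed for illustration.

```python
import sqlite3

# Constructed sample values: quotes, a SQL-looking string, non-ASCII, NULL.
SAMPLES = [
    ("It's okay", "No escaping necessary"),
    ("x'); DROP TABLE foo; --", "stored as plain text"),
    ("naïve café", None),
]

# Placeholders bind values only; table/column names need an allowlist instead.
ALLOWED_TABLES = {"foo"}


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE foo (a TEXT, b TEXT)")
    conn.executemany("INSERT INTO foo VALUES (?, ?)", SAMPLES)
    return conn


def find_bound(conn, value):
    """Safe form: the value travels separately from the SQL text."""
    return conn.execute("SELECT a, b FROM foo WHERE a = ?", (value,)).fetchall()


def find_formatted(conn, value):
    """Unsafe 'before' form: the value is pasted into the SQL text."""
    return conn.execute("SELECT a, b FROM foo WHERE a = '%s'" % value).fetchall()


def count_rows(conn, table):
    """Identifier chosen from a fixed allowlist, never from raw input."""
    if table not in ALLOWED_TABLES:
        raise ValueError("unknown table: %r" % table)
    return conn.execute('SELECT COUNT(*) FROM "%s"' % table).fetchone()[0]


if __name__ == "__main__":
    conn = make_db()
    for a, _ in SAMPLES:
        print(find_bound(conn, a))           # each row round-trips unchanged
    try:
        find_formatted(conn, "It's okay")    # the quote breaks the statement
    except sqlite3.OperationalError as exc:
        print("formatted query failed:", exc)
    print(find_formatted(conn, "' OR '1'='1"))  # WHERE clause is rewritten
    print(find_bound(conn, "' OR '1'='1"))      # treated as a literal value
```

Nothing needs unescaping on the way out: `fetchall()` returns the stored strings exactly as they were bound, and SQL NULL comes back as `None`.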