sqlescapy
1.0.1 verified Fri May 01 auth: no python maintenance
sqlescapy is a Python library for escaping SQL special characters and quotes in strings. The latest version is 1.0.1, which supports Python >=2.7. It is a lightweight, single-function library with no dependencies. No major changes or breaking changes have been observed; it has been in maintenance mode with infrequent updates.
pip install sqlescapy
Common errors
error ImportError: cannot import name 'escape' from 'sqlescapy'
cause Incorrect import of 'escape' instead of the correct function name 'sqlescape'.
fix Use: from sqlescapy import sqlescape
error AttributeError: module 'sqlescapy' has no attribute 'escape'
cause Trying to call sqlescapy.escape() when the function is sqlescapy.sqlescape().
fix Import and call sqlescapy.sqlescape().
Warnings
gotcha The function is called 'sqlescape', not 'escape'. Many users mistakenly import 'escape' and get an ImportError.
fix Use 'from sqlescapy import sqlescape'.
gotcha sqlescapy only escapes single quotes and backslashes. It does NOT prevent all SQL injection; parameterized queries are still recommended.
fix Use parameterized statements (e.g., with database drivers) as the primary defense against SQL injection.
gotcha The library uses simple string replacement and may not handle all edge cases (e.g., Unicode, multibyte characters).
fix Test thoroughly with your specific database character set, or consider using database-specific escaping functions.
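The last two warnings, as an added example that is not code from the sqlescapy project: it uses Python's built-in sqlite3 to compare a string-built query with a parameterized one. `backslash_escape` is a hypothetical stand-in for the backslash-style escaping shown in the Quickstart (not the library's source), and the table and rows are constructed sample data.

```python
import sqlite3

def backslash_escape(value):
    # Hypothetical stand-in for the behaviour this page describes
    # (backslash-escape single quotes and backslashes); NOT sqlescapy's source.
    return value.replace("\\", "\\\\").replace("'", "\\'")

def make_db():
    # Constructed sample data, kept in memory so nothing touches disk.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("O'Brien",), ("test\\value",), ("Smith",)])
    return conn

def lookup_escaped(conn, name):
    # String-built query: correct only if the escaper matches the database's
    # quoting rules. SQLite doubles quotes ('') and treats a backslash as an
    # ordinary character, so backslash escaping does not match.
    sql = "SELECT name FROM users WHERE name = '%s'" % backslash_escape(name)
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error as exc:
        return "error: %s" % type(exc).__name__

def lookup_param(conn, name):
    # Parameterized query: the driver binds the value separately from the
    # SQL text, so no escaping rules are involved.
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]

if __name__ == "__main__":
    conn = make_db()
    for name in ("O'Brien", "test\\value", "Smith"):
        print(repr(name), "escaped:", lookup_escaped(conn, name),
              "parameterized:", lookup_param(conn, name))
```

On SQLite the escaped lookup for O'Brien fails to parse and the one for test\value silently matches nothing, while the parameterized lookups return the stored rows.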
Imports
- escape
wrong from sqlescapy import escape
correct from sqlescapy import sqlescape
Quickstart
from sqlescapy import sqlescape
# Escape a string for use in SQL
safe_string = sqlescape("O'Brien")
print(safe_string) # Output: O\'Brien
# Also handles backslashes and other special characters
print(sqlescape("test\\value")) # Output: test\\value