elif type(field) is dict:
return "(%s)" % self._get_sql_query(db_name, field)
else:
- return "'%s'" % str(field)
+ return "'%s'" % str(field).replace("'", "''")
def _get_sql_query(self, db_name, query):
sql = "SELECT "
vals = []
for k, v in values.iteritems():
keys.append(k)
- if type(v) in (str, unicode):
- vals.append("'%s'" % v)
+ if type(v) is str:
+ vals.append("'%s'" % v.replace("'", "''"))
else:
vals.append(str(v))
sql = "INSERT INTO `%s`.`%s`(%s) VALUES (%s)" % (db_name, table_name, ",".join(keys), ",".join(vals))