I have a Sqlite3 table that I am trying to access with Python. All is working well except one table column where the value contains an apostrophe (eg. George's).
I have worked out the SQL
"SELECT * FROM table WHERE column1 = '" + value1 + "' and column2 = '" + value2 + "'"
but a syntax error results when value2 = George's
.
What is the correct Python syntax for this?
A good way to do this, is to use placeholders in your query to really avoid problems with SQL injection
here's a simple example:
code
#!/usr/bin/env python
import sqlite3
dbc = sqlite3.connect('test.db')
c = dbc.cursor()
name = "george's"
query = "select * from names where name = ?"
c.execute(query, (name,))
for row in c.fetchall():
print row
which outputs a tuple containing the row from the DB:
(1, u"george's")
the sqlite3 table:
sqlite> .schema names
CREATE TABLE names(id integer primary key asc, name char);
sqlite> select * from names;
1|george's
2|dave
3|george