I don’t understand your problem:
def get_dangerous_query():
    # do some database access
    # For a demo, just return what we know the table contains
    return "SELECT * FROM TABLE WHERE COL1 = '%s' and COL2 = '%s'"

# var1 and var2 stand for values that arrive from outside the program
var1, var2 = "value1", "value2"
qry = get_dangerous_query() % (var1, var2)
"""
vs "
only has an effect on string literals. Quotes are completely meaningless if a string comes from an external source.
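To show what the answer means in practice, here is an added example (not from the original post): the %-formatted query beside a parameterised one, run against a constructed in-memory SQLite table named demo_table (SQLite rejects TABLE as a table name, so the name is an assumption). A legitimate value containing an apostrophe is enough to break the formatted version, because the quotes in the literal are not a boundary once the value is spliced in.

```python
import sqlite3


def make_db():
    # Constructed sample data so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE demo_table (COL1 TEXT, COL2 TEXT)")
    conn.execute("INSERT INTO demo_table VALUES ('O''Brien', 'x')")
    conn.commit()
    return conn


def lookup_formatted(conn, var1, var2):
    """The pattern from the answer: the SQL text is built with %-formatting.
    The quote characters belong to the Python literal; after formatting, the
    database parses whatever var1/var2 contain, quotes included."""
    qry = "SELECT * FROM demo_table WHERE COL1 = '%s' and COL2 = '%s'" % (var1, var2)
    try:
        return conn.execute(qry).fetchall()
    except sqlite3.OperationalError as exc:
        # "O'Brien" becomes COL1 = 'O'Brien', which is no longer valid SQL.
        return "error: %s" % exc


def lookup_parameterised(conn, var1, var2):
    """Hardened form: placeholders. The driver hands var1/var2 over as data,
    so any quote characters inside them never reach the SQL parser."""
    qry = "SELECT * FROM demo_table WHERE COL1 = ? and COL2 = ?"
    return conn.execute(qry, (var1, var2)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(lookup_formatted(db, "O'Brien", "x"))      # error: near "Brien": ...
    print(lookup_parameterised(db, "O'Brien", "x"))  # [("O'Brien", 'x')]
```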
solved enforce triple quotes around strings in python [closed]