using re.escape to quote params with metachars

7 years ago · 5130e17a96
1 changed files with 2 additions and 1 deletions
--- a/android_db.py
+++ b/android_db.py
@ -32,7 +32,8 @@ class AndroidSQLConn:
        new_str = ','.join(map(
            AndroidSQLConn._quote_param_,params[:n_params]
            ))
-        return param_str.sub(new_str,SQL,1)
+        print(*map(repr,(new_str,SQL)))
+        return param_str.sub(re.escape(new_str),SQL,1)
    def execute(self,SQL,params = None):
        if params:
            SQL = AndroidSQLConn._sub_params_(SQL,params)