From dcf84dedf845dce2d70b129fd4573ac559026b79 Mon Sep 17 00:00:00 2001
From: Ethan Dalool
Date: Tue, 15 Sep 2020 14:03:41 -0700
Subject: [PATCH] Escape single quotes by doubling them up.
---
 voussoirkit/sqlhelpers.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/voussoirkit/sqlhelpers.py b/voussoirkit/sqlhelpers.py
index d33e8c5..46fa11a 100644
--- a/voussoirkit/sqlhelpers.py
+++ b/voussoirkit/sqlhelpers.py
@@ -145,6 +145,7 @@ def literal(item):
 return f'{item:f}'
 elif isinstance(item, str):
+ item = item.replace("'", "''")
 return f"'{item}'"
 elif isinstance(item, bytes):
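Review bot: The new `item.replace("'", "''")` line in the `str` branch of `literal` does not record which SQL dialect this escaping is meant to be sufficient for. Quote doubling is the full escape for standard-SQL and SQLite string literals, but a backend that also treats backslash as an escape character inside strings would still let a value ending in a backslash terminate the literal early; the hunk does not show which backend the helper targets. I would add a comment above the replace, for example `# Standard-SQL quoting (' -> ''); not sufficient where backslash escapes are enabled. Prefer bound parameters for untrusted values.` A regression test pinning `literal("O'Brien") == "'O''Brien'"` would keep the escape from being dropped later. The body of `literal` begins before and continues after this hunk, so the other branches are not reviewed here.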