Use bind params for insert into stations so names with apostrophes work.

eyeonus · Aug 16, 2014 · 9dc9b98 · 9dc9b98
1 parent f435846
commit 9dc9b98
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/import.py b/import.py
@@ -34,6 +34,7 @@
 rejectUnknown = False
 
 tdb = TradeDB(r'.\TradeDangerous.accdb')
+sqlEscapeRe = re.compile(r'([\\\'\"%;])')
 
 categories = dict()
 for row in tdb.fetch_all("""
@@ -84,7 +85,7 @@ def changeStation(line):
         try:
             station = tdb.getStation(stnName)
         except LookupError:
-            tdb.query("INSERT INTO Stations (system, station) VALUES ('%s', '%s')" % (sysName, stnName)).commit()
+            tdb.query("INSERT INTO Stations (system, station) VALUES (?, ?)", [sysName, stnName]).commit()
             print("Added %s/%s" % (sysName, stnName))
             tdb.load()
             station = tdb.getStation(stnName)