When I have a cursor, I know I can safely execute a query as follows:
cur.execute("SELECT * FROM foo WHERE foo.bar = %s", (important_variable,))
Is there any way to just get the string safely without executing the query? For example, if important_variable is a string, like "foo 'bar' \"baz", I'd want the appropriately escaped one:
"SELECT * FROM foo WHERE foo.bar = "foo \'bar\' \"baz"
(or whatever the appropriate escaping is, I'm not even sure).
I'm using psycopg, and sqlobject.
Look at the mogrify method for cursors -- it will return the string after variable binding and show any quoting it does
cur.mogrify("SELECT * FROM foo WHERE foo.bar = %s", ("foo 'bar' \"baz",))