CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/pypi-mysql-python

Python interface to MySQL databases implementing the Python Database API version 2.0 specification.

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Overview
Eval results
Files

escaping.mddocs/

String Escaping and Utilities

Critical string escaping functions for SQL injection prevention, utility functions for client information, and debugging support. These functions provide secure ways to handle user input and interact with MySQL.

Capabilities

String Escaping Functions

Functions for safely escaping strings and data structures to prevent SQL injection attacks.

def escape(obj, mapping):
    """
    Escape object using provided mapping dictionary.
    
    Parameters:
    - obj: Object to escape (string, number, sequence, etc.)
    - mapping: Dictionary mapping Python types to escape functions
    
    Returns:
    str: Escaped string representation suitable for SQL
    """

def escape_string(s):
    """
    Escape SQL-interpreted characters in string s.
    
    DEPRECATED: Use connection.escape_string() instead.
    This function cannot handle character sets properly.
    
    Parameters:
    - s (str): String to escape
    
    Returns:
    str: Escaped string with SQL special characters escaped
    """

def escape_dict(d, mapping):
    """
    Escape all values in a dictionary using the provided mapping.
    
    Parameters:
    - d (dict): Dictionary with values to escape
    - mapping: Dictionary mapping Python types to escape functions
    
    Returns:
    dict: New dictionary with all values escaped
    """

def escape_sequence(seq, mapping):
    """
    Escape all items in a sequence using the provided mapping.
    
    Parameters:
    - seq: Sequence (list, tuple) to escape
    - mapping: Dictionary mapping Python types to escape functions
    
    Returns:
    list: List of escaped string representations
    """

def string_literal(obj):
    """
    Convert object to SQL string literal with single quotes.
    
    DEPRECATED: Use connection.string_literal() instead.
    This function cannot handle character sets properly.
    
    Equivalent to: "'%s'" % escape_string(str(obj))
    
    Parameters:
    - obj: Object to convert to SQL literal
    
    Returns:
    str: Object as quoted SQL string literal
    """

Usage Examples

import MySQLdb

# Basic escaping (deprecated - use connection methods instead)
unsafe_string = "Robert'; DROP TABLE students; --"
safe_string = MySQLdb.escape_string(unsafe_string)
print(safe_string)  # "Robert\\'; DROP TABLE students; --"

# Preferred: Use connection-aware escaping
db = MySQLdb.connect(host="localhost", user="user", passwd="pass", db="test")
safe_string = db.escape_string(unsafe_string)

# Escape dictionary values
from MySQLdb.converters import conversions
data = {"name": "O'Reilly", "age": 25}
escaped_data = MySQLdb.escape_dict(data, conversions)

# Escape sequence values
values = ["O'Reilly", 25, None]
escaped_values = MySQLdb.escape_sequence(values, conversions)

Client Information

Functions for retrieving MySQL client library information.

def get_client_info():
    """
    Get MySQL client library version string.
    
    Returns:
    str: Version string of the MySQL client library
    """

Usage Examples

import MySQLdb

# Get client library version
client_version = MySQLdb.get_client_info()
print(f"MySQL client version: {client_version}")
# Output: "MySQL client version: 5.1.73"

# Useful for compatibility checking
major_version = int(client_version.split('.')[0])
if major_version >= 5:
    print("Modern MySQL client library")

Debug Support

Functions for debugging MySQL operations using the Fred Fish debug library.

def debug(debug_string):
    """
    Perform DBUG_PUSH with the given debug string.
    
    Uses the Fred Fish debug library. Client library must be
    compiled with debugging support to use this function.
    
    Parameters:
    - debug_string (str): Debug control string
    """

Usage Examples

import MySQLdb

# Enable debug tracing (requires debug-enabled client library)
MySQLdb.debug("d:t:o,/tmp/client.trace")

# Disable debugging
MySQLdb.debug("")

Module Attributes

Important module-level constants and version information.

NULL: object
    """Special NULL constant for representing SQL NULL values"""

version_info: tuple
    """Version information as tuple (major, minor, patch, release_type, serial)"""

__version__: str
    """Version string in format "major.minor.patch" """

__author__: str
    """Package author information"""

Usage Examples

import MySQLdb

# Check version compatibility
if MySQLdb.version_info >= (1, 2, 5):
    print("Compatible version")

# Use NULL constant
cursor.execute("INSERT INTO table (col1, col2) VALUES (%s, %s)", 
               ("value", MySQLdb.NULL))

# Display version information
print(f"MySQLdb version: {MySQLdb.__version__}")
print(f"Version info: {MySQLdb.version_info}")
print(f"Author: {MySQLdb.__author__}")

Security Considerations

Important: The module-level escaping functions (escape_string, string_literal) are deprecated because they cannot handle character sets properly. Always use the connection-aware methods instead:

# DEPRECATED - Don't use
MySQLdb.escape_string(user_input)

# PREFERRED - Use connection methods
db = MySQLdb.connect(...)
db.escape_string(user_input)  # Character set aware
db.escape(user_input, conversions)  # Full type conversion

The connection methods understand the current character set encoding and provide proper escaping for the specific MySQL connection configuration.

Install with Tessl CLI

npx tessl i tessl/pypi-mysql-python

docs

connections.md

constants-errors.md

cursors.md

escaping.md

index.md

low-level.md

types.md

tile.json