def _format_direct(value: typing.Text, context: types.Context): "The string is short and has no newlines in it." if len(value) > context.remaining_line_length: raise StrategyFailureError("Value length is {} which is longer than context max line length of {}".format(len(value), context.remaining_line_length)) result = value.replace("\t", r"\t").replace("\n", r"\n") return "{quote}{result}{quote}".format( quote=context.quote, result=result, )
def escapeIdentifier(identifier: typing.Text) -> typing.Text: """Escapes an SQLite Identifier, e.g. a column name. This will prevent SQLite injections, and column names being incorrectly classified as string literal values. Mixing up the quotes (ie using ' instead of ") can cause unexpected behaviour, since SQLite guesses whether something is a column-name or a variable. Args: identifier: The identifier that you want to escape, ie the column name. Returns: The escaped identifier for using in an SQLite Statement String. """ # escapes all " with "" and adds " at the beginning/end return '"{}"'.format(identifier.replace('"', '""'))