how to format variables before db to avoid errors

Developer https://www.devze.com 2023-01-19 15:30 Source: Internet
I am receiving errors like this one:

_mysql_exceptions.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 't Stop.mp3' LIMIT 1' at line 1")

Because I am trying to compare a URL that exists in my DB to one in a variable before I choose to insert it or not with the below code:

```python
# see if any links in the DB match the crawled link
check_exists_sql = "SELECT * FROM LINKS WHERE link = '%s' LIMIT 1" % item['link'].encode("utf-8")
cursor.execute(check_exists_sql)
```

Obviously the ' character and perhaps other characters are causing problems.

How do I format these URLs to avoid this?


Let the MySQLdb module do the interpolation:

```python
cursor.execute("""SELECT * FROM LINKS WHERE link = %s LIMIT 1""",
    (item['link'].encode("utf-8"),)
)
```

The execute() function can be passed items to be substituted into the query (see the documentation for execute()). It will automatically escape things as necessary for the DB query.

If you prefer to use a dict instead of a tuple to specify the things to substitute in:

```python
cursor.execute("""SELECT * FROM LINKS WHERE link = %(link)s LIMIT 1""",
    {'link': item['link'].encode("utf-8")}
)
```
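The difference between the question's string interpolation and the answer's parameter passing, as an added example that is not part of the original question or answer. It uses the standard-library `sqlite3` module as a stand-in for MySQLdb so it runs offline (sqlite3 writes the placeholder as `?` where MySQLdb uses `%s`); the table contents, URLs and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data: one stored link contains an apostrophe.
SAMPLE_LINKS = ["http://example.com/Don't Stop.mp3", "http://example.com/a.mp3"]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE LINKS (link TEXT)")
    conn.executemany("INSERT INTO LINKS (link) VALUES (?)",
                     [(link,) for link in SAMPLE_LINKS])
    return conn

def exists_interpolated(conn, link):
    """The question's pattern: the value is pasted into the SQL text."""
    sql = "SELECT * FROM LINKS WHERE link = '%s' LIMIT 1" % link
    return conn.execute(sql).fetchone() is not None

def exists_parameterized(conn, link):
    """The answer's pattern: the value travels separately from the SQL text."""
    cur = conn.execute("SELECT * FROM LINKS WHERE link = ? LIMIT 1", (link,))
    return cur.fetchone() is not None

def demo():
    conn = make_db()
    results = {}
    url = "http://example.com/Don't Stop.mp3"
    # The apostrophe ends the string literal early, so the statement no longer parses.
    try:
        exists_interpolated(conn, url)
        results["interpolated_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["interpolated_apostrophe"] = "syntax error"
    results["param_apostrophe"] = exists_parameterized(conn, url)
    # A value that is not a stored link, but whose quotes rewrite the WHERE clause.
    crafted = "nope' OR '1'='1"
    results["interpolated_crafted"] = exists_interpolated(conn, crafted)
    results["param_crafted"] = exists_parameterized(conn, crafted)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The syntax error from the question and the false "exists" result for the crafted value come from the same cause: the crawled string is parsed as SQL rather than treated as data.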