I have to create a JSON string from database values and push it back to the database again. My Python code is:
import re  # needed for re.escape() below

json = "{"
for row in cursor_mysql:
    #mainkey = row[0]
    #name = row[1]
    #value = row[2]
    mainkey = """" " \n \ / """ #for testing only
    name = """ {} " \r \t """ #for testing only
    value = """ ' " \ & """ #for testing only
    json += """"%s":{"name":"%s","value":"%s"},""" % (re.escape(mainkey), re.escape(name), re.escape(value))
json = json[:-1]
json += "}"
#print json
# rowId is the id of the row being updated (set earlier, not shown)
query = """UPDATE table SET json = '%s' WHERE id = '%d' RETURNING id""" % (json, rowId)
cursor_postgres.execute(query)
conn_postgres.commit()
insertId = cursor_postgres.fetchone()[0]
This code works great when there are no malicious characters around. However, it doesn’t work when sprinkled with non-alphanumeric values, as in the test cases above.
The bad JSON making it to my db is:
{
"""
\ / ": {
"name": " {} "","value":"'" "
},
"""
\ / ": {
"name": " {} "","value":"'" "
}
}
How do I sanitize the string so that, when deserialized, the JSON output is the same as the input?
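As an added example (not part of the question or any answer), the same three test values built with json.dumps instead of re.escape, checked for round-tripping, and handed to a parameterized UPDATE; Python 3, with RecordingCursor and the row tuples constructed so it runs offline:

```python
import json
import re

# Constructed test rows: the three "for testing only" values from the question, in the
# (mainkey, name, value) order the cursor loop would yield, plus one plain row.
TEST_ROWS = [
    ('" " \n \\ / ', ' {} " \r \t ', " ' \" \\ & "),
    ("id2", "plain", "ok"),
]


def build_json_with_re_escape(rows):
    """The question's approach, reproduced for comparison: re.escape() + concatenation."""
    out = "{"
    for mainkey, name, value in rows:
        out += '"%s":{"name":"%s","value":"%s"},' % (
            re.escape(mainkey), re.escape(name), re.escape(value))
    return out[:-1] + "}"


def build_json(rows):
    """Same {mainkey: {name, value}} structure via json.dumps, which applies JSON's own
    escaping rules (\\" \\\\ \\n ...) rather than regex escaping."""
    return json.dumps({k: {"name": n, "value": v} for k, n, v in rows})


def round_trips(text, rows):
    """True if text parses as JSON and yields exactly the rows it was built from."""
    try:
        parsed = json.loads(text)
    except ValueError:  # json.JSONDecodeError is a subclass of ValueError
        return False
    return parsed == {k: {"name": n, "value": v} for k, n, v in rows}


class RecordingCursor:
    """Stand-in for cursor_postgres (constructed for this offline demo): records execute() calls."""
    def __init__(self):
        self.calls = []

    def execute(self, sql, params=None):
        self.calls.append((sql, params))


def store_json(cursor, row_id, rows):
    """Parameterized UPDATE: the DB driver quotes the JSON text itself, so a quote or
    backslash inside it can neither break the statement nor be mangled by hand escaping."""
    sql = "UPDATE table SET json = %s WHERE id = %s RETURNING id"
    cursor.execute(sql, (build_json(rows), row_id))
    return sql
```

With a real psycopg2 cursor, store_json(cursor_postgres, rowId, rows) replaces the string-formatted query, and json.loads on the stored column returns the original values unchanged.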
1 Answer