escape sql string for SDL

Signed-off-by: LetongHan <letong.han@intel.com>
intel · Nov 6, 2023 · be6790a · be6790a
1 parent 27c5d1e
commit be6790a
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/intel_extension_for_transformers/neural_chat/utils/database/mysqldb.py b/intel_extension_for_transformers/neural_chat/utils/database/mysqldb.py
@@ -17,6 +17,7 @@
 
 from .config import get_settings
 from pymysql import connect, cursors
+from pymysql.converters import escape_string
 from contextlib import contextmanager
 
 global_settings = get_settings()
@@ -55,11 +56,15 @@ def transaction(self):
             raise e
 
     def fetch_one(self, sql, params=None):
-        self._cursor.execute(sql, params)
+        escape_sql = escape_string(sql)
+        print(f"escape sql: {escape_sql}")
+        self._cursor.execute(escape_sql, params)
         return self._cursor.fetchone()
 
     def fetch_all(self, sql, params=None):
-        self._cursor.execute(sql, params)
+        escape_sql = escape_string(sql)
+        print(f"escape sql: {escape_sql}")
+        self._cursor.execute(escape_sql, params)
         return self._cursor.fetchall()
 
     def insert(self, sql, params):