Escaping is automatic, you just have to call:

转义是自动的，你只需要调用：

cursor.execute("query with params %s %s", ("param1", "pa'ram2"))

(notice that the python % operator is notused) and the values will be correctly escaped.

（请注意，未使用python % 运算符）并且这些值将被正确转义。

You can escape manually a variable using extensions.adapt(var), but this would be error prone and not keep into account the connection encoding: it is notsupposed to be used in regular client code.

您可以使用 手动转义变量extensions.adapt(var)，但这很容易出错，并且不会考虑连接编码：它不应该在常规客户端代码中使用。

Like piro said,escaping is automatic. But there's a method to also return the full sql escaped by psycopg2 using cursor.mogrify(sql, [params])

就像piro 说的，转义是自动的。但是有一种方法也可以使用cursor.mogrify(sql, [params])返回由 psycopg2 转义的完整 sql

In the unlikely event that query parameters aren't sufficient and you need to escape strings yourself, you can use Postgres escaped string constantsalong with Python's repr(because Python's rules for escaping non-ascii and unicode characters are the same as Postgres's):

万一查询参数不足并且您需要自己转义字符串，您可以将Postgres 转义字符串常量与 Python 一起使用repr（因为 Python 转义非 ascii 和 unicode 字符的规则与 Postgres 的相同）：

def postgres_escape_string(s):
   if not isinstance(s, basestring):
       raise TypeError("%r must be a str or unicode" %(s, ))
   escaped = repr(s)
   if isinstance(s, unicode):
       assert escaped[:1] == 'u'
       escaped = escaped[1:]
   if escaped[:1] == '"':
       escaped = escaped.replace("'", "\'")
   elif escaped[:1] != "'":
       raise AssertionError("unexpected repr: %s", escaped)
   return "E'%s'" %(escaped[1:-1], )

psycopg2added a method in version 2.7 it seems: http://initd.org/psycopg/docs/extensions.html#psycopg2.extensions.quote_ident

psycopg2似乎在 2.7 版中添加了一个方法：http: //initd.org/psycopg/docs/extensions.html#psycopg2.extensions.quote_ident

from psycopg2.extensions import quote_ident

with psycopg2.connect(<db config>) as conn:
    with conn.cursor() as curs:
        ident = quote_ident('foo', curs)

If you get an error like: TypeError: argument 2 must be a connection or a cursor, try either:

如果您收到类似的错误： TypeError: argument 2 must be a connection or a cursor，请尝试：

ident = quote_ident('foo', curs.cursor)

# or

ident = quote_ident('food', curs.__wrapper__)

Psycopg2 doesn't have such a method. It has an extensionfor adapting Python values to ISQLQuote objects, and these objects have a getquoted()method to return PostgreSQL-compatible values.

Psycopg2 没有这样的方法。它具有使 Python 值适应 ISQLQuote 对象的扩展，并且这些对象具有getquoted()返回与 PostgreSQL 兼容的值的方法。

See this blog for an example of how to use it:

有关如何使用它的示例，请参阅此博客：

Quoting bound values in SQL statements using psycopg2

使用 psycopg2 在 SQL 语句中引用绑定值

Update 2019-03-03: changed the link to archive.org, because after nine years, the original is no longer available.

2019-03-03 更新：更改了archive.org 的链接，因为九年后，原来的不再可用。