Python SQL sanitization WITHOUT driver support

ttigresa

Is there a way to properly sanitize SQL inputs before passing them to the cursor.execute command in Python? I know you are supposed to be able to make a construct like the following:
[code]
cursor.execute("insert into Attendees values (?, ?, ?)", (name, seminar, paid))
[/code]
to properly do this, but it's not working with my ODBC driver (4D V11) and pyodbc.

To be more specific, I am trying to write an INSERT statement, using the above format. When I run the code a record is inserted, but only the numerical variables are populated in the resulting record; the strings are blank. If I switch ODBC drivers (and databases, obviously) to pqodbc and a PostgreSQL database set up identically (at least for the fields I am trying to insert), the same code runs perfectly. This would imply to me that the problem is in the 4D driver, not in Python.

That said, it is unlikely that the 4D driver is going to be fixed any time soon, so I am looking for other workarounds. Any suggestions? Thanks
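One fallback for the situation in the post, where `?` binding cannot be used, is to validate each value strictly and emit it as a SQL literal; this is an added example, not part of the original post and not code from pyodbc or 4D. It assumes standard SQL string literals (a single quote is escaped by doubling it), which the page does not confirm for 4D, and it is exercised against an in-memory SQLite database; `MAX_LEN` and the helper names are hypothetical.

```python
import re
import sqlite3

# Assumption: the target database uses standard SQL string literals, where the
# only special character is the single quote and it is escaped by doubling it.
# Backslash-escaping dialects would need different handling, so backslashes
# and control characters are rejected outright rather than guessed at.
_FORBIDDEN = re.compile(r"[\x00-\x1f\x7f\\]")
MAX_LEN = 255  # hypothetical column width


def sql_string_literal(value):
    """Return value as a quoted SQL string literal, or raise ValueError."""
    if not isinstance(value, str):
        raise ValueError("expected str")
    if len(value) > MAX_LEN:
        raise ValueError("value too long")
    if _FORBIDDEN.search(value):
        raise ValueError("control character or backslash not allowed")
    return "'" + value.replace("'", "''") + "'"


def sql_number_literal(value):
    """Return value as a numeric literal; only real int/float are accepted."""
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise ValueError("expected int or float")
    if value != value or value in (float("inf"), float("-inf")):
        raise ValueError("NaN/inf not allowed")
    return repr(value)


def build_insert(name, seminar, paid):
    """Build the INSERT from the post using literals instead of ? markers."""
    return "insert into Attendees values (%s, %s, %s)" % (
        sql_string_literal(name),
        sql_string_literal(seminar),
        sql_number_literal(paid),
    )


def demo():
    """Round-trip constructed hostile input through an in-memory SQLite DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table Attendees (name text, seminar text, paid real)")
    hostile = "O'Brien'); drop table Attendees; --"  # constructed sample
    conn.execute(build_insert(hostile, "Python 101", 25.0))
    return conn.execute("select name, seminar, paid from Attendees").fetchall()
```

Numeric values never pass through string quoting: anything that is not a genuine `int` or `float` is rejected, so a string such as `"1 or 1=1"` cannot reach the statement as a number.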
 