I was having a bunch of trouble getting the registration page to work, and someone on Stack Overflow (http://stackoverflow.com/questions/3617052/escape-string-python-for-mysql) suggested an alternate way after I found a bunch of posts relating to the escape_string currently being broken. I edited the `__init__.py` registration page with the following and was able to get it to work.

```python
sql_check_reg = "SELECT * FROM users WHERE username = (%s)"
x = c.execute(sql_check_reg, (username,))
```

and:

```python
sql_insert_reg = "INSERT INTO users (username, password, email) VALUES (%s, %s, %s)"
c.execute(sql_insert_reg, (username, password, email))
```
Maybe you could verify that this is in fact a good method and not susceptible to SQL injection?
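Added example, not part of the original issue or the project's code: a check of the bound-parameter form from the issue against a string-interpolated lookup, using a constructed hostile username. It assumes the standard-library `sqlite3` module as an offline stand-in for MySQLdb (so the placeholder is `?` rather than `%s`); the helper names and sample rows are hypothetical.

```python
import sqlite3

# Constructed sample input: a username crafted to change the query's logic.
HOSTILE_USERNAME = "nobody' OR '1'='1"


def make_db():
    """In-memory stand-in for the issue's `users` table (sqlite3, not MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, email TEXT)")
    conn.execute(
        "INSERT INTO users (username, password, email) VALUES (?, ?, ?)",
        ("alice", "placeholder-hash", "alice@example.test"),  # constructed row
    )
    return conn


def lookup_interpolated(conn, username):
    """Unsafe 'before' form: the value is pasted into the SQL text itself."""
    sql = "SELECT * FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_bound(conn, username):
    """Form used in the issue: SQL text and value are passed separately."""
    sql = "SELECT * FROM users WHERE username = ?"  # MySQLdb spells this %s
    return conn.execute(sql, (username,)).fetchall()


def register_bound(conn, username, password, email):
    """Bound INSERT as in the issue; returns the rows stored for that username."""
    sql = "INSERT INTO users (username, password, email) VALUES (?, ?, ?)"
    conn.execute(sql, (username, password, email))
    return lookup_bound(conn, username)


if __name__ == "__main__":
    db = make_db()
    # Interpolation lets the quote end the literal, so the OR clause matches alice.
    print("interpolated:", lookup_interpolated(db, HOSTILE_USERNAME))
    # Binding compares the whole string as data, so nothing matches.
    print("bound:       ", lookup_bound(db, HOSTILE_USERNAME))
    # The same string registers as an ordinary, literal username.
    print("registered:  ", register_bound(db, HOSTILE_USERNAME, "placeholder-hash", "m@example.test"))
```

The `%` in the unsafe function is Python string formatting applied before the driver sees the query; in the issue's code the `%s` stays in the SQL text and the tuple is passed as the second argument to `execute`, which is what makes it a bound parameter.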