PyMySQL
diff --git a/‎pymysql/converters.py
Copy file name to clipboardExpand all lines: pymysql/converters.py
+44-12Lines changed: 44 additions & 12 deletions b/‎pymysql/converters.py
Copy file name to clipboardExpand all lines: pymysql/converters.py
+44-12Lines changed: 44 additions & 12 deletions
diff --git a/‎pymysql/cursors.py
Copy file name to clipboardExpand all lines: pymysql/cursors.py
+1-1Lines changed: 1 addition & 1 deletion b/‎pymysql/cursors.py
Copy file name to clipboardExpand all lines: pymysql/cursors.py
+1-1Lines changed: 1 addition & 1 deletion
@@ -4,17 +4,12 @@
 import binascii
 import datetime
 from decimal import Decimal
-import re
 import time
 
 from .constants import FIELD_TYPE, FLAG
 from .charset import charset_by_id, charset_to_encoding
 
 
-ESCAPE_REGEX = re.compile(r"[\0\n\r\032\'\"\\]")
-ESCAPE_MAP = {'\0': '\\0', '\n': '\\n', '\r': '\\r', '\032': '\\Z',
-              '\'': '\\\'', '"': '\\"', '\\': '\\\\'}
-
 def escape_item(val, charset, mapping=None):
     if mapping is None:
         mapping = encoders
@@ -48,8 +43,7 @@ def escape_sequence(val, charset, mapping=None):
     return "(" + ",".join(n) + ")"
 
 def escape_set(val, charset, mapping=None):
-    val = map(lambda x: escape_item(x, charset, mapping), val)
-    return ','.join(val)
+    return ','.join([escape_item(x, charset, mapping) for x in val])
 
 def escape_bool(value, mapping=None):
     return str(int(value))
@@ -63,19 +57,57 @@ def escape_int(value, mapping=None):
 def escape_float(value, mapping=None):
     return ('%.15g' % value)
 
-def escape_string(value, mapping=None):
-    return ("%s" % (ESCAPE_REGEX.sub(
-            lambda match: ESCAPE_MAP.get(match.group(0)), value),))
+
+def escape_string_2(value, mapping=None):
+    """escape_string escapes *value* but not surround it with quotes.
+
+    Value should be bytes or unicode.
+    """
+    value = value.replace('\\', '\\\\')
+    value = value.replace('\0', '\\0')
+    value = value.replace('\n', '\\n')
+    value = value.replace('\r', '\\r')
+    value = value.replace('\032', '\\Z')
+    value = value.replace("'", "\\'")
+    value = value.replace('"', '\\"')
+    return value
+
+
+_escape_table = [chr(x) for x in range(128)]
+_escape_table[0] = '\\0'
+_escape_table[ord('\\')] = '\\\\'
+_escape_table[ord('\n')] = '\\n'
+_escape_table[ord('\r')] = '\\r'
+_escape_table[ord('\032')] = '\\Z'
+_escape_table[ord('"')] = '\\"'
+_escape_table[ord("'")] = "\\'"
+
+def escape_string_3(value, mapping=None):
+    """escape_string escapes *value* but not surround it with quotes.
+
+    Value should be str (unicode).
+    """
+    return value.translate(_escape_table)
+
+escape_string = escape_string_2 if PY2 else escape_string_3
+
 
 def escape_str(value, mapping=None):
     return "'%s'" % escape_string(value, mapping)
 
 def escape_unicode(value, mapping=None):
     return escape_str(value, mapping)
 
+
+# On Python ~3.5, str.decode('ascii', 'surrogateescape') is slow.
+# (fixed in Python 3.6, http://bugs.python.org/issue24870)
+# Workaround is str.decode('latin1') then translate 0x80-0xff into 0udc80-0udcff.
+# We can escape special chars and surrogateescape at once.
+_escape_bytes_table = _escape_table + [chr(i) for i in range(0xdc80, 0xdd00)]
+
 def escape_bytes(value, mapping=None):
-    # escape_bytes is calld only on Python 3.
-    return escape_str(value.decode('ascii', 'surrogateescape'), mapping)
+    return "'%s'" % value.decode('latin1').translate(_escape_bytes_table)
+
 
 def escape_None(value, mapping=None):
     return 'NULL'
 
@@ -117,7 +117,7 @@ def _escape_args(self, args, conn):
             # If it's not a dictionary let's try escaping it anyways.
             # Worst case it will throw a Value error
             if PY2:
-                ensure_bytes(args)
+                args = ensure_bytes(args)
             return conn.escape(args)
 
     def mogrify(self, query, args=None):