I'm having some trouble executing a SPARQL update. As the title says, the problem is the apostrophe in the 2nd triple of the query. This is the error:

Response: Error 400: Lexical error at line 20,column 229. Encountered " " (32) after: "s"

Here is the code in Python:

```python
from SPARQLWrapper import SPARQLWrapper


def Query(query):
    sparql=SPARQLWrapper("http://localhost:3030/ann/update")
    sparql.setQuery(query)
    sparql.method='POST'
    sparql.query()

query = """INSERT DATA {
           <http://www.example.com> a <http://purl.org/spar/fabio/Item>;
           rdfs:label 'Webpage's title'^^<http://www.w3.org/2000/01/rdf-schema#string>.
        }"""

Query(query)
```

Any ideas on how to do it?

  • Why not just use `rdfs:label "Webpage's title"^^.` (i.e., with double quotes)? The problem is that you're using a single quote to mark the string, but have a single quote *in* the string, too. – Joshua Taylor Oct 03 '15 at 18:29
  • @JoshuaTaylor Thanks for your reply. Yeah, it works, but the problem is when I try to parametrize the title like this: `rdfs:label "+title+"^^.` In this case I used your suggestion but it still doesn't work. This is the error this time: `Response: Error 400: Encountered " "+" "+ "" at line 20,column 220.` – alessandrof Oct 05 '15 at 12:26
  • **when I try to parametrize the title like this: `rdfs:label "+title+"^^`.** Yup, that's the kind of problem that can happen when you "parameterize" things with string concatenation. Just think what would happen if anyone ever typed a value of `title` with something like `some title" . ...malicious triples here... :foo a "arbitrary`. It'd be a perfectly legal insert, and you'd be putting arbitrary content into your triple store. It's much better to use properly parameterized queries, if you have that option. – Joshua Taylor Oct 05 '15 at 12:53
  • One option that's not foolproof, but will be a bit easier to check, is using *triple quoted* strings. The long string literal productions in the grammar (search for STRING_LITERAL_LONG1 in [the spec](http://www.w3.org/TR/sparql11-query/#QSynLiterals)) let you write `"""text with ' and " unescaped"""` and `''' same thing with ' and " '''`. Those can contain anything, so you'd just have to check whether they contain `"""` or `'''`. – Joshua Taylor Oct 05 '15 at 14:58
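
The concatenation problem raised in the comments above can also be handled by escaping the value, shown here as an added example that is not part of the original question or comments. It uses the `ECHAR` escapes of the SPARQL 1.1 grammar rather than the triple-quote check, and emits a plain literal with no datatype. The names `sparql_string`, `build_insert` and `literal_tokens` and the sample titles are assumptions made for illustration.

```python
import re

# ECHAR escapes from the SPARQL 1.1 grammar: '\' [tbnrf\"']
_ECHAR = {
    "\\": "\\\\",
    '"': '\\"',
    "\n": "\\n",
    "\r": "\\r",
    "\t": "\\t",
    "\b": "\\b",
    "\f": "\\f",
}

# STRING_LITERAL2 production: '"' ( [^#x22#x5C#xA#xD] | ECHAR )* '"'
_STRING_LITERAL2 = re.compile(r'"(?:[^"\\\n\r]|\\[tbnrf\\"\'])*"')

# Constructed sample inputs: the title from the question, and a value
# shaped like the one described in the comments.
PLAIN_TITLE = "Webpage's title"
HOSTILE_TITLE = 'some title" . <http://example.org/x> a "arbitrary'


def sparql_string(value):
    """Return value as a double-quoted SPARQL string literal."""
    escaped = "".join(_ECHAR.get(ch, ch) for ch in value)
    literal = '"' + escaped + '"'
    # Sanity check: the result must be exactly one literal token.
    if not _STRING_LITERAL2.fullmatch(literal):
        raise ValueError("value cannot be encoded as a SPARQL literal")
    return literal


def build_insert(title):
    """Build the INSERT DATA update from the question for a given title."""
    return (
        "PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"
        "INSERT DATA {\n"
        "  <http://www.example.com> a <http://purl.org/spar/fabio/Item> ;\n"
        "    rdfs:label " + sparql_string(title) + " .\n"
        "}"
    )


def literal_tokens(update):
    """List the double-quoted literal tokens a SPARQL lexer would see."""
    return _STRING_LITERAL2.findall(update)
```

The string returned by `build_insert(title)` can be passed to the `Query` function from the question unchanged.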
