[Zope] Database connection in Python script and quoting characters

[Chris Muldrow]

A Pythonish question: If I'm working with a DBI module and am inserting
items in a database as so:
            sql = "insert into homestest ("+CatHead+") values
("+foundData+")"
            print sql
            crsr.execute(sql)

How should my string foundData look as far as escaping characters? Right
now, I send over values with apostrophes and commas and they make the SQL
code choke.
Thanks! - Chris Muldrow