What is the right method of escaping string before using it as json object

I have to create JSON string from database values and push it back to database again. My Python code is:

json = "{"
for row in cursor_mysql:
    #mainkey = row[0]
    #name = row[1]
    #value = row[2]
    mainkey = """"  " \n \ /  """    #for testing only
    name = """    {} " \r \t  """    #for testing only
    value = """  ' " \ &      """    #for testing only
    json += """"%s":{"name":"%s","value":"%s"},""" % (re.escape(mainkey), re.escape(name), re开发者_JS百科.escape(value))

json = json[:-1]
json += "}"
#print json
query = """UPDATE table SET json = '%s' WHERE id = '%d' RETURNING id""" %  (json, rowId)
cursor_postgres.execute(query)
conn_postgres.commit()
insertId = cursor_postgres.fetchone()[0]

This code works great when there are no malicious characters around. However, it doesn't work when sprinkled with non-alphanumeric values, as in the test cases above.

The bad JSON making it to my db is:

{
    """ 
 \ /   ": {
        "name": " {} "","value":"'"  "
    },
    """ 
 \ /   ": {
        "name": " {} "","value":"'"  "
    }
}

How to sanitize the string, so that when deserialized the json output is same as input?

import json

data = json.dumps(BIG_STRUCTURE_GOES_HERE)
query = """UPDATE table SET json = %s WHERE id = %s RETURNING id"""
cursor_postgres.execute(query, (data, rowId))
conn_postgres.commit()

http://docs.python.org/library/json.html

http://pypi.python.org/pypi/simplejson/

django.utils.simplejson

Simply use the json library:

import json
mainkey = """"  " \n \ /  """    #for testing only
name = """    {} " \r \t  """    #for testing only
value = """  ' " \ &      """    #for testing only
d = {mainkey: {"name": name, "value": value}}
jsonValue = json.dumps(d)