Prevent CSV Injection when suing user generated data

csv_generated_string_escape.py

def escape_csv(payload):
    if payload[0] in ('@','+','-', '=', '|'):
            payload = "'" + payload
            payload = payload.replace("|", "\|")
    return payload

# Example
payload = "@cmd|' /C calc'!A0"
print("The Unescaped version is: " + payload)
print("When passed though escape function the value is: " + escape_csv(payload))

Tiny comment: the last two lines should instead be

print "The Unescaped version is: " + payload
print "When passed though escape function the value is: " + escape_csv(payload)