[issue11685] possible SQL injection into db APIs via table names... sqlite3

Rene Dudfield report at bugs.python.org
Sun Mar 27 10:19:55 CEST 2011


Rene Dudfield <illume at users.sourceforge.net> added the comment:

Hi,

aaah, ok.

It seems to require the use of a quote function.  See http://www.sqlite.org/c3ref/mprintf.html

However python does not seem to expose the function?  I don't see how you can write safe queries using python without it.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue11685>
_______________________________________
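Since the Python sqlite3 module exposes no equivalent of sqlite3_mprintf's quoting, a defensive workaround is to quote identifiers yourself (double quotes, with embedded double quotes doubled) or, better, to restrict table names to an allowlist. The following is an added example, not code from the bug report or from CPython; `quote_identifier`, `allowed_table` and the in-memory tables are constructed for illustration.

```python
import re
import sqlite3

# Added example, not from the tracker issue: handling table/column names
# safely when the sqlite3 module offers no identifier-quoting function.

IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

def quote_identifier(name: str) -> str:
    """SQL-standard identifier quoting: wrap in double quotes and double
    any embedded double quote, so the name is parsed as one identifier."""
    if "\x00" in name:
        raise ValueError("identifier contains NUL")
    return '"' + name.replace('"', '""') + '"'

def allowed_table(name: str, allowed: frozenset) -> str:
    """Stricter option: only names from a fixed allowlist reach the SQL."""
    if name not in allowed or not IDENT_RE.match(name):
        raise ValueError(f"unknown table: {name!r}")
    return quote_identifier(name)

def bind_works_for_identifiers(conn) -> bool:
    """Parameter binding (?) carries values only; an identifier placeholder
    does not compile, which is why quoting/allowlisting is needed at all."""
    try:
        conn.execute("SELECT * FROM ?", ("users",))
    except sqlite3.OperationalError:
        return False
    return True

def count_rows(conn, table: str) -> int:
    return conn.execute(
        f"SELECT COUNT(*) FROM {quote_identifier(table)}").fetchone()[0]

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?)", [(1,), (2,)])
    # A name containing quote and semicolon characters is, once quoted,
    # just an ordinary (if odd) table name rather than extra SQL.
    odd = 'users"; x'
    conn.execute(f"CREATE TABLE {quote_identifier(odd)} (id INTEGER)")
    return (count_rows(conn, "users"), count_rows(conn, odd),
            bind_works_for_identifiers(conn))
```

Quoting alone still leaves an attacker able to name any existing table, so the allowlist variant is the one to prefer in application code.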

