Secure Python code - volunteers for code review?

Josiah Carlson jcarlson at uci.edu
Wed Oct 13 14:21:28 EDT 2004


> > Thankfully, other languages are able to translate to/from hex *wink*. 
> 
> Well, paint me ignorant, but I'm unaware of any feature in psql or mysql
> (or any other tool, for that matter) that translates hex data to a
> human-readable form without explicitly wrapping each field in your query
> in a function call (and this precludes queries such as "SELECT * FROM
> foo").  I'm not certain what you mean by "other languages" as I was
> referring to the command line tools shipped with PostgreSQL and MySQL
> respectively.

What I meant by other languages were languages like php, perl, tcl,
lisp, C, C++, Java, or any other language in which one would be using data
from SQL databases.

> Anyone who does a lot of database work inevitably finds themselves using
> the stock tools to review/revise data, so IMO, encoding the data is far
> too tedious when there is an existing method for providing safe queries
> that doesn't incur this overhead.

Mayhaps we should look at the context that the post was in: a Python
newsgroup/mailing list.  Since encoding and decoding hex are available in
Python, at least in this application, it seems sufficient.  It does
suffer from the pre- and post-processing requirements that have been
discussed, but prepare only saves you the post-processing.

Whether or not the original poster will be spending their time using
console SQL commands to audit data, I don't know.  Which one is better
for a particular application may depend on that application.  Prepare is
likely the best solution for most cases.

 - Josiah
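An added example (not part of the thread) contrasting the two approaches discussed above with Python's sqlite3 module; the table names foo_hex and foo_prep and the sample value are constructed for the demonstration.

```python
import sqlite3

# Constructed sample value containing a quote, a semicolon and a comment
# marker; these are the characters that break naively interpolated SQL.
SAMPLE_NAME = "O'Brien; -- quote, semicolon and comment marker"

def insert_hex_encoded(conn, name):
    # Hex approach: encode before interpolating.  The hex alphabet (0-9a-f)
    # has no quote or separator characters, so the value cannot alter the
    # query structure.  Cost: pre-processing here, post-processing on read.
    encoded = name.encode("utf-8").hex()
    conn.execute("INSERT INTO foo_hex (name) VALUES ('%s')" % encoded)

def read_hex_encoded(conn):
    # Post-processing that a stock console client (psql, mysql) will not do.
    rows = conn.execute("SELECT name FROM foo_hex").fetchall()
    return [bytes.fromhex(r[0]).decode("utf-8") for r in rows]

def insert_prepared(conn, name):
    # Prepared/parameterised approach: the value never becomes SQL text, so
    # no encoding is needed and the stored data stays readable in any tool.
    conn.execute("INSERT INTO foo_prep (name) VALUES (?)", (name,))

def read_prepared(conn):
    return [r[0] for r in conn.execute("SELECT name FROM foo_prep")]

def demo(name=SAMPLE_NAME):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE foo_hex (name TEXT)")
    conn.execute("CREATE TABLE foo_prep (name TEXT)")
    insert_hex_encoded(conn, name)
    insert_prepared(conn, name)
    # What "SELECT * FROM foo" in a console client would show for each table.
    return {
        "hex_roundtrip": read_hex_encoded(conn),
        "prepared_roundtrip": read_prepared(conn),
        "hex_in_console": conn.execute("SELECT * FROM foo_hex").fetchone()[0],
        "prepared_in_console": conn.execute("SELECT * FROM foo_prep").fetchone()[0],
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Both approaches keep the awkward value from changing the query, but only the prepared form leaves the stored row readable without a decoding step.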
