Python or PHP?

Fredrik Lundh fredrik at pythonware.com
Sun Apr 24 03:22:21 EDT 2005


Leif Biberg Kristensen wrote:

> So. I've been writing SQL queries in Python like this, using PostgreSQL
> and psycopg:
>
> cursor.execute("select * from foo where bar=%s" % baz)
>
> Is that wrong, and how should I have been supposed to know that this is
> bad syntax?

do you get paid to write security sensitive applications?  if so, you should
know why that is bad, and what to do instead.

> No doc I have seen actually has told me so.

well, the DB-API specification spends enough time talking about parameters
for you to figure out that maybe, just maybe, you should learn what
they are.

</F>
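The point Fredrik is making, shown side by side as an added example (this code is not from the thread and not from psycopg): the `%` operator splices the value into the SQL text, so an attacker-controlled `baz` becomes part of the statement, while DB-API parameter binding keeps the statement fixed and passes the value separately. The example uses the stdlib `sqlite3` module as a stand-in for psycopg so it runs without a PostgreSQL server; the table `foo` with an integer column `bar`, the sample rows and the hostile input are all constructed here. sqlite3 uses the `qmark` paramstyle (`?`), psycopg the `format` paramstyle (`%s`), but the execute call takes the same shape in both: the SQL string plus a tuple of parameters.

```python
import sqlite3

# Constructed sample data (not from the original thread).
SAMPLE_ROWS = [(1, "alpha"), (2, "beta"), (3, "gamma")]


def make_db():
    """In-memory stand-in for the PostgreSQL table the thread talks about."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table foo (bar integer, name text)")
    conn.executemany("insert into foo values (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def query_formatted(conn, baz):
    """The pattern from the thread: the value is pasted into the SQL text
    with %, so whatever `baz` contains is parsed as SQL by the database.
    Returns the statement actually sent and the rows it produced."""
    sql = "select * from foo where bar=%s" % baz
    return sql, conn.execute(sql).fetchall()


def query_parameterized(conn, baz):
    """DB-API parameter binding: the statement text never changes and the
    value travels separately, so it can only ever be compared as a value.
    With psycopg the placeholder is %s instead of ?; the tuple is the same."""
    sql = "select * from foo where bar=?"
    return sql, conn.execute(sql, (baz,)).fetchall()


def demo():
    conn = make_db()
    benign = "2"          # what a well-behaved caller would pass
    hostile = "1 or 1=1"  # constructed attacker-controlled input

    for label, fn in (("formatted", query_formatted),
                      ("parameterized", query_parameterized)):
        for value in (benign, hostile):
            sql, rows = fn(conn, value)
            print(f"{label:13s} input={value!r:12s} sql={sql!r} rows={len(rows)}")


if __name__ == "__main__":
    demo()
```

With the benign input both forms return the single row for `bar=2`. With the hostile input the formatted form sends `select * from foo where bar=1 or 1=1` and returns every row in the table; the parameterized form compares `bar` against the string `'1 or 1=1'` and returns nothing. Note that the formatted form, as written in the thread, also breaks on perfectly legitimate string values (it produces `bar=foo`, not `bar='foo'`), which is a second reason to let the driver do the quoting.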