Python or PHP?
Leif Biberg Kristensen
abuse at solumslekt.org
Sat Apr 23 19:35:31 EDT 2005
Leif K-Brooks wrote:
> But Python's DB-API (the standard way to connect to an SQL database
> from Python) makes escaping SQL strings automatic. You can do this:
>
> cursor.execute('UPDATE foo SET bar=%s WHERE id=%s', ["foo'bar", 123])

So. I've been writing SQL queries in Python like this, using PostgreSQL
and psycopg:

    cursor.execute("select * from foo where bar=%s" % baz)

Is that wrong, and how was I supposed to know that this is
bad syntax? No doc I have seen actually has told me so.
--
Leif Biberg Kristensen
http://solumslekt.org/
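
The difference between the two calls in this message, as an added example that is not part of the original post: the first passes values as a second argument to execute(), the second builds the SQL text with Python's % operator. It uses the standard-library sqlite3 module in place of PostgreSQL/psycopg so it runs offline (an assumption; sqlite3 writes the placeholder as ? where psycopg uses %s), and the function names and sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; table and column names follow the thread (foo, bar).
ROWS = [(1, "alpha"), (2, "foo'bar"), (3, "bar")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE foo (id INTEGER PRIMARY KEY, bar TEXT)")
    conn.executemany("INSERT INTO foo (id, bar) VALUES (?, ?)", ROWS)
    return conn

def run(conn, sql, params=()):
    """Return the sorted matching ids, or "error" if the database rejects the SQL."""
    try:
        return sorted(row[0] for row in conn.execute(sql, params))
    except sqlite3.Error:
        return "error"

def interpolated(conn, baz):
    # Pattern from the post: Python's % operator pastes baz into the SQL text,
    # so the database parses the value as part of the statement.
    return run(conn, "select id from foo where bar=%s" % baz)

def hand_quoted(conn, baz):
    # Common patch: wrap the placeholder in quotes. Works until the value
    # itself contains a quote character.
    return run(conn, "select id from foo where bar='%s'" % baz)

def bound(conn, baz):
    # DB-API parameter binding: the value travels separately from the SQL text.
    # sqlite3 spells the placeholder "?"; psycopg spells it "%s".
    return run(conn, "select id from foo where bar=?", (baz,))

def compare(values):
    conn = make_db()
    return {v: (interpolated(conn, v), hand_quoted(conn, v), bound(conn, v))
            for v in values}

if __name__ == "__main__":
    for value, results in compare(["alpha", "bar", "foo'bar"]).items():
        print(repr(value), results)
```

Only the bound form returns the one matching row for every value: the interpolated form reads the value "bar" as the column name and matches all rows, and both string-built forms fail on the quote in "foo'bar".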