Python or PHP?

Leif K-Brooks eurleif at ecritters.biz
Sat Apr 23 19:13:20 EDT 2005


John Bokma wrote:
> my $sort = $cgi->param( "sort" );
> my $query = "SELECT * FROM table WHERE id=? ORDER BY $sort";

And the equivalent Python code:


# 'sort' is interpolated into the SQL text unescaped; only some_id is bound as a parameter
cursor.execute('SELECT * FROM table WHERE id=%%s ORDER BY %s' % sort, [some_id])

You're right, of course, about being *able* to write code with SQL 
injection vulnerabilities in Python. But it's not even close to being as 
easy as in PHP.
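An added illustration (not from the original post) of why the posted snippet is unsafe and how it is usually repaired: bind parameters cannot carry an identifier such as an ORDER BY column, so the column name has to be checked against an allowlist instead. The table and rows are constructed for the demo and use sqlite3 (paramstyle `?`) rather than the `%s` paramstyle the post's driver implies.

```python
import sqlite3

# Constructed in-memory stand-in for the post's "table" (example data, not from the post).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t (id INTEGER, name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO t VALUES (?, ?, ?)",
                     [(1, "alice", "s1"), (2, "bob", "s2"), (1, "carol", "s3")])
    return conn

def query_unsafe(conn, sort, some_id):
    """Mirrors the posted pattern: 'sort' is pasted into the SQL text, only id is bound.

    Whatever string arrives in 'sort' becomes part of the statement, so it can
    change the query's structure (here it can append further clauses), not just
    pick a column.
    """
    sql = "SELECT id, name FROM t WHERE id=? ORDER BY %s" % sort
    return conn.execute(sql, [some_id]).fetchall()

# The only column names this query is allowed to sort by (assumed allowlist).
ALLOWED_SORT = {"id", "name"}

def is_allowed_sort(sort):
    """True only for an exact allowlisted column name; anything else is rejected."""
    return sort in ALLOWED_SORT

def query_safe(conn, sort, some_id):
    """Same query, but the identifier is validated before formatting and the value is bound."""
    if not is_allowed_sort(sort):
        raise ValueError("unsupported sort column: %r" % sort)
    sql = "SELECT id, name FROM t WHERE id=? ORDER BY %s" % sort
    return conn.execute(sql, [some_id]).fetchall()

if __name__ == "__main__":
    conn = make_db()
    print(query_safe(conn, "name", 1))             # both id=1 rows, sorted by name
    print(query_unsafe(conn, "name LIMIT 1", 1))   # caller-supplied text altered the query
    print(is_allowed_sort("name LIMIT 1"))         # False: the safe variant refuses it
```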


