Python or PHP?
Leif K-Brooks
eurleif at ecritters.biz
Sat Apr 23 19:13:20 EDT 2005
John Bokma wrote:
> my $sort = $cgi->param( "sort" );
> my $query = "SELECT * FROM table WHERE id=? ORDER BY $sort";
And the equivalent Python code:
cursor.execute('SELECT * FROM table WHERE id=%%s ORDER BY %s' % sort,
               [some_id])
You're right, of course, about being *able* to write code with SQL
injection vulnerabilities in Python. But it's not even close to being as
easy as in PHP.
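
Added example, not part of the original post: a placeholder can bind the id value but not the ORDER BY column, so the usual fix for the query above is to map the request's sort parameter through an allowlist before it reaches the SQL text. It uses the standard-library sqlite3 module (placeholder `?` rather than `%s`) so it runs offline; the table, column names and rows are assumptions made up for the illustration.

```python
import sqlite3

# Request-supplied sort key -> column name written in this file. Only these
# constants can ever reach the SQL text (hypothetical schema).
SORT_COLUMNS = {"name": "name", "price": "price", "newest": "created"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_query(sort_key, direction="asc"):
    """Return SQL whose ORDER BY clause is built only from the allowlists."""
    column = SORT_COLUMNS.get(sort_key)
    order = SORT_DIRECTIONS.get(str(direction).lower())
    if column is None or order is None:
        raise ValueError("unsupported sort: %r %r" % (sort_key, direction))
    # A placeholder can bind a value but not an identifier, so the column is
    # still interpolated; the difference is that it is one of our constants.
    return ("SELECT id, name, price FROM items WHERE owner = ? "
            "ORDER BY %s %s" % (column, order))


def fetch_sorted(conn, owner, sort_key, direction="asc"):
    """Run the query with the owner id bound as a parameter."""
    return conn.execute(build_query(sort_key, direction), (owner,)).fetchall()


def demo_connection():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, owner INTEGER,"
                 " name TEXT, price REAL, created TEXT)")
    conn.executemany(
        "INSERT INTO items (owner, name, price, created) VALUES (?, ?, ?, ?)",
        [(1, "desk", 120.0, "2005-04-01"), (1, "lamp", 35.5, "2005-04-20"),
         (2, "chair", 60.0, "2005-04-10"), (1, "shelf", 80.0, "2005-03-15")])
    return conn


if __name__ == "__main__":
    conn = demo_connection()
    print(fetch_sorted(conn, 1, "price", "desc"))
    try:
        # Constructed hostile value: not an allowlist key, so it is rejected
        # before any SQL is built.
        fetch_sorted(conn, 1, "name; DROP TABLE items")
    except ValueError as exc:
        print("rejected:", exc)
```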