sql escaping module
Fredrik Lundh
fredrik at pythonware.com
Thu Dec 8 01:21:41 EST 2005
David Bear wrote:
> Being new to pgdb, I'm finding there are a lot of things I don't understand
> when I read the PEP and the sparse documentation on pgdb.
>
> I was hoping there would be a module that would properly escape longer text
> strings to prevent sql injection -- and other things just make sure the
> python string object ends up being a proper type for postgresql. I've
> bought 3 books on postgresql and none of the code samples demonstrate this.
>
> Web searches for 'python sql escape string' yield way too many results.
>
> Any pointers would be greatly appreciated.
for x in range(1000000):
    print "USE PARAMETERS TO PASS VALUES TO THE DATABASE"
</F>
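
What passing parameters looks like through the DB-API, as an added example that is not part of the original post: it compares a query built by string formatting with one that passes the value as a parameter. Assumptions: the standard-library sqlite3 module stands in for pgdb so the code runs without a server (sqlite3 uses "?" placeholders, pgdb uses "%s"), and the table, function names and sample strings are constructed for illustration.

```python
import sqlite3

# Constructed sample input: free text with quotes, as a form might submit it.
SAMPLE_NOTES = [
    "It's a long note with 'quoted' words; and a semicolon",
    "second note -- with a trailing comment marker",
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE notes (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    return conn

def insert_note(conn, owner, body):
    # The values travel separately from the SQL text; the driver does the
    # quoting and type conversion. With pgdb the placeholders would be %s.
    conn.execute("INSERT INTO notes (owner, body) VALUES (?, ?)", (owner, body))

def find_by_owner_unsafe(conn, owner):
    # Anti-pattern, kept for comparison: the value becomes part of the SQL text.
    sql = "SELECT body FROM notes WHERE owner = '%s' ORDER BY id" % owner
    return [row[0] for row in conn.execute(sql)]

def find_by_owner(conn, owner):
    # Parameterized: the value can never be parsed as SQL.
    sql = "SELECT body FROM notes WHERE owner = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (owner,))]

def demo():
    conn = make_db()
    insert_note(conn, "alice", SAMPLE_NOTES[0])
    insert_note(conn, "bob", SAMPLE_NOTES[1])
    crafted = "nobody' OR '1'='1"  # constructed value containing a quote
    return {
        "unsafe": find_by_owner_unsafe(conn, crafted),  # every row comes back
        "safe": find_by_owner(conn, crafted),           # no such owner
        "roundtrip": find_by_owner(conn, "alice"),      # text stored verbatim
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```
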