mod_python
Diez B. Roggisch
deets at nospam.web.de
Sun Nov 6 19:53:17 EST 2005
> I hate to ask, but what happens when I enter "a, b, c);DROP DATABASE;" as
> the entry for z_name? (Or some similar attempt to close the
> SQL statement and start a new one). I think you want to google for "SQL
> injection" and think about sanitising user input a bit.
And using the parametrized form of cursor.execute() - which I guess is
easier to do. But you're right of course, too.
Regards,
Diez
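As an added illustration (not code from this thread), here is the parametrized `cursor.execute()` call Diez recommends next to the string-interpolation pattern the quoted reply warns about. It uses the stdlib `sqlite3` driver and assumes a table named `entries` with a single column `z_name`; the original post's code is not on this page, so the unsafe builder assumes it pasted `z_name` straight into the statement text.

```python
"""Parametrized cursor.execute() vs. string interpolation (added example).

Assumed schema: a table 'entries' with one TEXT column 'z_name'.
The sqlite3 module uses '?' placeholders; other DB-API drivers use %s or
:name, but the point is the same: the SQL text is fixed and the value is
handed to the driver separately, so it can never change the statement.
"""
import sqlite3

# Constructed input: the value the quoted reply uses as its example.
HOSTILE_NAME = "a, b, c);DROP DATABASE;"


def build_unsafe_sql(z_name):
    """The pattern the quoted reply objects to: the user value becomes part
    of the SQL text itself, so its ';' ends the statement and starts a new one."""
    return "INSERT INTO entries (z_name) VALUES (%s)" % z_name


def insert_entry(conn, z_name):
    """Parametrized form: statement and value travel separately."""
    cur = conn.cursor()
    cur.execute("INSERT INTO entries (z_name) VALUES (?)", (z_name,))
    conn.commit()
    return cur.lastrowid


def stored_names(conn):
    """Return every z_name currently in the table, in insertion order."""
    return [row[0] for row in conn.execute("SELECT z_name FROM entries ORDER BY rowid")]


def demo(z_name=HOSTILE_NAME):
    """Store the hostile value the safe way and report what the database holds,
    alongside the statement that interpolation would have produced."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE entries (z_name TEXT)")
    insert_entry(conn, z_name)
    names = stored_names(conn)
    conn.close()
    return {
        "stored": names,                        # the payload, kept as literal text
        "unsafe_sql": build_unsafe_sql(z_name),  # what interpolation would have sent
    }


if __name__ == "__main__":
    result = demo()
    print("stored in table:", result["stored"])
    print("interpolated statement would have been:", result["unsafe_sql"])
```

With the placeholder form the whole value, semicolon and all, ends up as one row of text; nothing in it is ever parsed as SQL.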