how to replace and string in a "SELECT ... IN ()"
Tino Wildenhain
tino at wildenhain.de
Fri Sep 26 09:05:35 EDT 2008
Michael Mabin wrote:
> cursor.execute("""
> SELECT titem.object_id, titem.tag_id
> FROM tagging_taggeditem titem
> WHERE titem.object_id IN (%s)
> """ % ','.join([str(x) for x in [1,5,9]]))
Nope. That would be dangerous! -> google for SQL injection
Tino
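
Added example, not part of the original thread: the quoted interpolation pattern next to a version that generates only placeholders and lets the driver bind the values. It assumes the standard-library sqlite3 module, whose placeholder is ? (a driver using the "format" paramstyle would take %s in the same position); the table rows, the function names and the hostile input are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tagging_taggeditem (object_id INTEGER, tag_id INTEGER)")
    conn.executemany(
        "INSERT INTO tagging_taggeditem VALUES (?, ?)",
        [(1, 10), (2, 20), (5, 50), (9, 90), (12, 120)],
    )
    return conn

def tagged_items_interpolated(conn, object_ids):
    """The quoted pattern: values are pasted into the SQL text itself."""
    sql = """
        SELECT titem.object_id, titem.tag_id
        FROM tagging_taggeditem titem
        WHERE titem.object_id IN (%s)
    """ % ",".join([str(x) for x in object_ids])
    return conn.execute(sql).fetchall()

def tagged_items_bound(conn, object_ids):
    """Only placeholders are generated; the driver binds the values."""
    ids = list(object_ids)
    if not ids:
        return []  # avoid emitting "IN ()", which many databases reject
    placeholders = ",".join("?" * len(ids))  # e.g. "?,?,?"
    sql = """
        SELECT titem.object_id, titem.tag_id
        FROM tagging_taggeditem titem
        WHERE titem.object_id IN (%s)
    """ % placeholders
    return conn.execute(sql, ids).fetchall()

if __name__ == "__main__":
    conn = make_db()
    hostile = ["1) OR (1=1"]  # constructed input standing in for untrusted data
    print(tagged_items_interpolated(conn, hostile))  # the WHERE clause is rewritten
    print(tagged_items_bound(conn, hostile))         # treated as one value, no match
    print(tagged_items_bound(conn, [1, 5, 9]))
```

The string formatting that remains in tagged_items_bound inserts only a run of placeholders whose length is computed locally, so no caller-supplied value ever becomes part of the SQL text.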