TypeError

Steve Holden steve at holdenweb.com
Wed Jan 6 21:43:29 EST 2010


Steve Holden wrote:
> John Machin wrote:
> [...]
>> I note that in the code shown there are examples of building an SQL
>> query where the table name is concocted at runtime via the %
>> operator ... key phrases: "bad database design" (one table per
>> store!), "SQL injection attack"
>>
> I'm not trying to defend the code overall, but most databases won't let
> you parameterize the table or column names, just the data values.
> 
And, apropos of nothing in particular, here's a completely gratuitous
additional chance to tell me off again for spamming the list about a
conference:

http://holdenweb.blogspot.com/2010/01/register-for-pycon-or-kitten-gets-it.html

regards
 Steve
-- 
Steve Holden           +1 571 484 6266   +1 800 494 3119
PyCon is coming! Atlanta, Feb 2010  http://us.pycon.org/
Holden Web LLC                 http://www.holdenweb.com/
UPCOMING EVENTS:        http://holdenweb.eventbrite.com/
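
Added example, not part of the original message or of the code under discussion in the thread: it shows, using the standard-library `sqlite3` module as an assumed stand-in database, that a placeholder is rejected where a table name is expected, and one way to handle a runtime table name by checking it against an allow-list while still binding the data values. The table names, columns, rows and helper functions are all hypothetical.

```python
import sqlite3

# Constructed allow-list: the only tables this application may query.
ALLOWED_TABLES = {"store_atlanta", "store_boston"}

def quote_identifier(name):
    """Return name as a double-quoted SQL identifier, only if allow-listed."""
    if name not in ALLOWED_TABLES:
        raise ValueError("unknown table: %r" % (name,))
    return '"' + name.replace('"', '""') + '"'

def placeholder_as_table_fails(conn):
    """Show that a ? placeholder cannot stand in for a table name."""
    try:
        conn.execute("SELECT item FROM ? WHERE qty > ?", ("store_atlanta", 0))
    except sqlite3.OperationalError:
        return True   # the statement is rejected when it is prepared
    return False

def items_in_stock(conn, table, min_qty):
    """Identifier comes from the allow-list; the data value is a bound parameter."""
    sql = "SELECT item FROM %s WHERE qty >= ? ORDER BY item" % quote_identifier(table)
    return [row[0] for row in conn.execute(sql, (min_qty,))]

def demo_connection():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    for table in sorted(ALLOWED_TABLES):
        conn.execute("CREATE TABLE %s (item TEXT, qty INTEGER)" % quote_identifier(table))
    conn.executemany('INSERT INTO "store_atlanta" VALUES (?, ?)',
                     [("widget", 5), ("gadget", 0)])
    return conn

if __name__ == "__main__":
    conn = demo_connection()
    print(placeholder_as_table_fails(conn))
    print(items_in_stock(conn, "store_atlanta", 1))
    try:
        # Constructed hostile input: never reaches the SQL text.
        items_in_stock(conn, "store_atlanta; DROP TABLE store_boston", 1)
    except ValueError as exc:
        print("rejected:", exc)
```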



