Is This Open To SQL Injection?
Victor Subervi
victorsubervi at gmail.com
Wed Jul 7 14:38:17 EDT 2010
Hi;
I have this code:
sql = 'insert into personalDataKeys values (%s, %s, %s)' % (store, user,
    ', %s'.join('%s' * len(col_vals)))
cursor.execute(sql, col_vals)
Is this open to injection attacks? If so, how do I correct it?
TIA,
beno
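
The difference between formatting values into the statement text and binding them as parameters, as an added example that is not part of the original post. It assumes sqlite3 (placeholder `?`) in place of the poster's driver so that it runs offline, puts quotes around the interpolated values, and uses a constructed four-column table; the helper names are hypothetical.

```python
import sqlite3

# Assumption: sqlite3 stands in for the poster's database driver. It uses "?"
# as the placeholder; drivers with the "format" paramstyle use "%s" instead.

def insert_interpolated(conn, store, user, col_vals):
    """Pattern from the post: store and user become part of the SQL text."""
    marks = ", ".join(["?"] * len(col_vals))
    # Quotes around the first two slots are added here so plain strings parse.
    sql = "insert into personalDataKeys values ('%s', '%s', %s)" % (store, user, marks)
    conn.execute(sql, col_vals)

def insert_bound(conn, store, user, col_vals):
    """Only the placeholder count is formatted in; every value is bound."""
    marks = ", ".join(["?"] * (2 + len(col_vals)))
    sql = "insert into personalDataKeys values (%s)" % marks
    conn.execute(sql, [store, user] + list(col_vals))

def stored_user(insert, user):
    """Insert one row into a fresh table and return the username column,
    or a short marker if the database rejected the statement."""
    conn = sqlite3.connect(":memory:")
    # Constructed schema for the example, not the poster's real table.
    conn.execute("create table personalDataKeys (store, username, k1, k2)")
    try:
        insert(conn, "shop", user, ["a", "b"])
    except sqlite3.Error as exc:
        return "rejected: %s" % type(exc).__name__
    return conn.execute("select username from personalDataKeys").fetchone()[0]

if __name__ == "__main__":
    # Constructed inputs: a name with an apostrophe, and a value that the
    # parser reads as an SQL expression once it is pasted into the text.
    for value in ["o'brien", "x' || 'y"]:
        print(repr(value))
        print("  interpolated ->", repr(stored_user(insert_interpolated, value)))
        print("  bound        ->", repr(stored_user(insert_bound, value)))
```

With interpolation the database parses the value as SQL, so the stored data differs from the input or the statement fails; with binding the value is stored verbatim.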