Why Is Escaping Data Considered So Magical?

Nobody nobody at nowhere.com
Sun Jun 27 09:55:23 EDT 2010


On Sun, 27 Jun 2010 14:36:10 +1200, Lawrence D'Oliveiro wrote:

>> In any case, you're still trying to make arguments about whether it's easy
>> or hard to get it right, which completely misses the point. Eliminating
>> the escaping entirely makes it impossible to get it wrong.
> 
> Except nobody has yet shown an alternative which is easier to get right.

For SQL, use stored procedures or prepared statements. For HTML/XML, use a
DOM (or similar) interface.
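A short illustration of the two recommendations in this reply, added here as example code rather than anything posted in the thread. It uses Python's standard `sqlite3` module (parameterized queries, the "prepared statement" idea) and `xml.etree.ElementTree` (a DOM-style API), with constructed sample names that contain the quote and angle-bracket characters a hand-written escaper would have to get right:

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample rows (not from the thread): names that carry the
# characters string-based escaping has to worry about.
SAMPLE_USERS = [
    ("O'Reilly", "editor"),
    ("Smith & <Sons>", "tester"),
]


def make_db():
    """Build an in-memory table from the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def role_for_parameterized(conn, name):
    """Look up a role with a bound parameter.

    The name never becomes part of the SQL text, so SQLite never parses it
    as SQL and there is no escaping step that could be done wrong.
    """
    row = conn.execute(
        "SELECT role FROM users WHERE name = ?", (name,)
    ).fetchone()
    return row[0] if row else None


def role_for_interpolated(conn, name):
    """The string-splicing approach the thread argues against.

    The value is pasted into the statement text, so an ordinary apostrophe
    in a legitimate name already changes what the statement means. Returns
    the sentinel "SQL error" when SQLite rejects the resulting statement.
    """
    try:
        row = conn.execute(
            "SELECT role FROM users WHERE name = '%s'" % name
        ).fetchone()
    except sqlite3.OperationalError:
        return "SQL error"
    return row[0] if row else None


def render_user_row(name, role):
    """Build an HTML table row through a DOM-style API.

    The text is attached to nodes as data; the serializer decides which
    characters the output format needs escaped, so the caller never does.
    """
    tr = ET.Element("tr")
    ET.SubElement(tr, "td").text = name
    ET.SubElement(tr, "td").text = role
    return ET.tostring(tr, encoding="unicode")


def extract_name(row_markup):
    """Parse a rendered row back and return the first cell's text.

    Round-tripping shows the original characters survive intact, with no
    double-escaping or missed-escaping on either side.
    """
    return ET.fromstring(row_markup).find("td").text


if __name__ == "__main__":
    db = make_db()
    for user, _ in SAMPLE_USERS:
        print(user, "->", role_for_parameterized(db, user),
              "| interpolated:", role_for_interpolated(db, user))
        print(render_user_row(user, role_for_parameterized(db, user)))
```

Run as a script, the parameterized lookup returns the right role for both names, the interpolated version breaks on the apostrophe, and the serialized row shows `&`, `<` and `>` already encoded by the library rather than by caller-side escaping.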
