Strange MySQL Problem
Victor Subervi
victorsubervi at gmail.com
Thu May 20 13:29:24 EDT 2010
On Thu, May 20, 2010 at 12:56 PM, MRAB <python at mrabarnett.plus.com> wrote:
>
> When performing SQL operations, don't insert the values using Python's
> string formatting, because that makes it vulnerable to SQL-injection
> attacks, i.e. don't do this:
>
> cursor.execute(sql_command % values)
>
> do this:
>
> cursor.execute(sql_command, values)
Oh, thank you!
> I think you need to 'commit' any changes you make to the database.
>
Caught by the commit again. Yes, thanks.
beno
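
Both points from this exchange in one runnable sketch, added here as an example and not code from either poster. It assumes the standard-library `sqlite3` module in place of MySQL so it runs offline (sqlite3 uses `?` placeholders where MySQLdb uses `%s`); the `products` table, the function names and the sample input are constructed for illustration.

```python
import os
import sqlite3
import tempfile

def make_db(path):
    # Constructed sample table; sqlite3 stands in for MySQL (assumption).
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE products (name TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [("widget", 1.5), ("gadget", 9.0)])
    conn.commit()
    return conn

def lookup_formatted(conn, name):
    # The pattern warned against: the value becomes part of the SQL text,
    # so a quote inside it can change the meaning of the statement.
    sql = "SELECT name FROM products WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]

def lookup_bound(conn, name):
    # The recommended form: SQL and values travel separately and the
    # driver binds the value as data, never as SQL syntax.
    sql = "SELECT name FROM products WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo.db")
        writer = make_db(path)
        reader = sqlite3.connect(path)  # second, independent connection
        crafted = "x' OR '1'='1"        # constructed input containing a quote
        results = {
            "formatted": lookup_formatted(writer, crafted),  # matches every row
            "bound": lookup_bound(writer, crafted),          # matches nothing
        }
        # An insert is invisible to other connections until commit().
        writer.execute("INSERT INTO products VALUES (?, ?)", ("gizmo", 3.0))
        results["before_commit"] = lookup_bound(reader, "gizmo")
        writer.commit()
        results["after_commit"] = lookup_bound(reader, "gizmo")
        writer.close()
        reader.close()
        return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```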