Why Doesn't This MySQL Statement Execute?

Wayne Werner wayne at waynewerner.com
Tue Dec 18 17:02:01 EST 2012


On Tue, 18 Dec 2012, Tom Borkin wrote:

> Hi;
> I have this test code:
>  
>     if i_id == "1186":
>       sql = 'insert into interactions values(Null, %s, "Call Back", "%s")' % (i_id, date_plus_2)
>       cursor.execute(sql)
>       db.commit()
>       print sql
> It prints the sql statement, but it doesn't execute. If I copy and paste the sql into the mysql command line it does execute without warnings or errors. What gives?

Does date_plus_2 contain

      "Robert"); DROP TABLE interactions; --

by any chance?
-W
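
An added example (not part of either poster's message) of the difference the reply is hinting at: a statement built with string formatting lets the value change the SQL itself, while a parameterized statement stores the same value as plain data. It assumes the standard-library sqlite3 module as an offline stand-in for the MySQL driver, so the placeholder is ? here; with a MySQL DB-API driver such as MySQLdb the placeholder is %s and the values go in a second argument to cursor.execute. The helper names and the apostrophe sample are constructed for illustration.

```python
import sqlite3

# Value quoted from the reply above; handled here purely as data.
PAGE_VALUE = '"Robert"); DROP TABLE interactions; --'
# Constructed sample: an ordinary value that happens to contain a quote.
APOSTROPHE_VALUE = "2012-12-20 (Tom's callback)"


def new_db():
    """In-memory table shaped like the four-column insert in the post (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table interactions (id integer primary key, contact_id, kind, due)"
    )
    return conn


def insert_formatted(conn, i_id, due):
    """Build the statement with % formatting, as the quoted post does."""
    sql = "insert into interactions values (NULL, %s, 'Call Back', '%s')" % (i_id, due)
    try:
        conn.execute(sql)
        conn.commit()
        return True
    except sqlite3.Error:
        # The quote inside the value ended the SQL literal early.
        return False


def insert_parameterized(conn, i_id, due):
    """Send the statement and the values separately; the driver binds them."""
    conn.execute(
        "insert into interactions values (NULL, ?, 'Call Back', ?)", (i_id, due)
    )
    conn.commit()


def stored_due_values(conn):
    return [row[0] for row in conn.execute("select due from interactions order by id")]


def demo():
    conn = new_db()
    ok_plain = insert_formatted(conn, "1186", "2012-12-20")
    ok_quote = insert_formatted(conn, "1186", APOSTROPHE_VALUE)
    insert_parameterized(conn, "1186", APOSTROPHE_VALUE)
    insert_parameterized(conn, "1186", PAGE_VALUE)
    return ok_plain, ok_quote, stored_due_values(conn)


if __name__ == "__main__":
    print(demo())
```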

