Why Doesn't This MySQL Statement Execute?
Alister
alister.ware at ntlworld.com
Wed Dec 19 08:28:09 EST 2012
On Tue, 18 Dec 2012 17:34:08 -0400, Tom Borkin wrote:
> Hi;
> I have this test code:
>
> if i_id == "1186":
>     sql = 'insert into interactions values(Null, %s, "Call Back","%s")' % (i_id, date_plus_2)
>     cursor.execute(sql)
Please don't build your SQL strings like this, but pass the data as
parameters, something like:

    sql = "Insert into table (`field1`,`field2`) Values (%s,%s)"
    cursor.execute(sql, (data1, data2))

And Google SQL injection.
--
I can hire one half of the working class to kill the other half.
-- Jay Gould
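
Added example, not part of Alister's message or the original thread: the two styles side by side, using the standard-library sqlite3 module as a stand-in for MySQL so it runs offline (an assumption; sqlite3 takes `?` placeholders where MySQLdb takes `%s`). The table layout, helper names and input values are constructed for illustration.

```python
import sqlite3

# Assumption: sqlite3 stands in for MySQL; the table layout is constructed.
# sqlite3 binds "?" placeholders, MySQLdb binds "%s" passed the same way.
SCHEMA = ("CREATE TABLE interactions "
          "(id INTEGER PRIMARY KEY, contact_id TEXT, kind TEXT, due TEXT)")

def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn

def insert_formatted(conn, i_id, due):
    """Pattern from the question: data is pasted into the SQL text."""
    sql = "INSERT INTO interactions VALUES (NULL, %s, 'Call Back', '%s')" % (i_id, due)
    conn.execute(sql)

def insert_parameterized(conn, i_id, due):
    """Data travels separately from the SQL text; the driver binds it."""
    conn.execute("INSERT INTO interactions VALUES (NULL, ?, 'Call Back', ?)",
                 (i_id, due))

def rows(conn):
    query = "SELECT contact_id, kind, due FROM interactions ORDER BY id"
    return conn.execute(query).fetchall()

def demo():
    # Constructed inputs: an apostrophe, and a value that carries SQL syntax.
    apostrophe = "after O'Brien calls"
    crafted_id = "1186, 'Refund', '2000-01-01') --"
    results = {}
    db = new_db()
    try:
        insert_formatted(db, "1186", apostrophe)
        results["formatted_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        # The apostrophe ends the string literal early and breaks the statement.
        results["formatted_apostrophe"] = "syntax error"
    # Here the value rewrites the statement: 'Call Back' is never stored.
    insert_formatted(db, crafted_id, "2012-12-21")
    results["formatted_rows"] = rows(db)
    db = new_db()
    insert_parameterized(db, "1186", apostrophe)
    insert_parameterized(db, crafted_id, "2012-12-21")
    results["parameterized_rows"] = rows(db)
    return results

if __name__ == "__main__":
    print(demo())
```

With bound parameters both values are stored as plain text and the statement keeps its shape; with string formatting the same values either break the statement or change what it inserts.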