Updating a filename's counter value failed each time

Νίκος support at superhost.gr
Mon Jun 17 15:30:57 EDT 2013


On 17/6/2013 10:05 PM, Alister wrote:
> You are correct Nicos, passing the values as a parameter list does
> protect you from SQL injection; JT has made an error.

Even if the query is something like:

http://superhost.gr/cgi-bin/files.py?filename="Select....."

From what exactly does the comma protect me?

What if the user passes data to the filename variable through the URL?
Will the comma understand that?
How can it tell a normal filename from a select statement
acting as a filename value?



-- 
What is now proved was at first only imagined!
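
The difference the message asks about, as an added example that is not part of the original post or thread: the same value is run once through string interpolation and once as a bound parameter. The `files` table, its `url` and `hits` columns, and the use of `sqlite3` (placeholder `?`; MySQLdb uses `%s`) are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE files (url TEXT PRIMARY KEY, hits INTEGER)")
    db.executemany("INSERT INTO files VALUES (?, ?)",
                   [("a.zip", 0), ("b.zip", 0)])
    return db

def bump_interpolated(db, filename):
    # Vulnerable form: the value is pasted into the SQL text, so the
    # SQL parser reads whatever arrived in the URL as part of the statement.
    db.execute("UPDATE files SET hits = hits + 1 WHERE url = '%s'" % filename)

def bump_parameterized(db, filename):
    # Parameter-list form: the SQL text is fixed and the value is bound
    # separately. It is never parsed as SQL, only compared with url.
    db.execute("UPDATE files SET hits = hits + 1 WHERE url = ?", (filename,))

def hits(db):
    # Return {url: hits} for every row.
    return dict(db.execute("SELECT url, hits FROM files ORDER BY url"))

def run_case(bump, filename):
    # Fresh database per case so results do not leak between runs.
    db = make_db()
    bump(db, filename)
    return hits(db)

# Constructed inputs: one ordinary filename, one value that looks like a
# statement (as in the URL above), one that closes the quote early.
NORMAL = "a.zip"
LOOKS_LIKE_SQL = "Select * from files"
QUOTE_BREAKER = "x' OR '1'='1"

if __name__ == "__main__":
    for value in (NORMAL, LOOKS_LIKE_SQL, QUOTE_BREAKER):
        print(repr(value))
        print("  interpolated :", run_case(bump_interpolated, value))
        print("  parameterized:", run_case(bump_parameterized, value))
```

The driver does not need to tell a filename from a statement: a bound value is always treated as a plain string, so a value that matches no `url` simply updates zero rows.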


