string class variable to sqlite3
Marko Rauhamaa
marko at pacujo.net
Sun Oct 18 11:31:15 EDT 2015
andybrookestar at googlemail.com:
> cursor = self.conn.execute("SELECT * from wiki WHERE one LIKE '%s' "%
> self.myString1)
That's really dangerous. See:
<URL: http://stackoverflow.com/questions/309945/how-to-quote-a-string-value-explicitly-python-db-api-psycopg2>
Now, I don't know if there are any better stdlib ways to quote SQL
strings properly.
Marko
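
An added example, not part of the original post or thread: the quoted string-formatted query beside the same query with the value bound through the sqlite3 module's `?` placeholder, plus a variant that treats LIKE wildcards in the value literally. The `wiki` rows, the column `two` and all function names are constructed for illustration.

```python
import sqlite3

def build_db():
    """In-memory table named like the one in the quoted query (rows are constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wiki (one TEXT, two TEXT)")
    conn.executemany(
        "INSERT INTO wiki VALUES (?, ?)",
        [("python", "a"), ("pytho%", "b"), ("O'Reilly", "c")],
    )
    return conn

def find_formatted(conn, value):
    """The quoted pattern: the value is pasted into the SQL text (unsafe)."""
    sql = "SELECT one FROM wiki WHERE one LIKE '%s' " % value
    return [row[0] for row in conn.execute(sql)]

def find_bound(conn, value):
    """The value is bound to a ? placeholder and is never parsed as SQL."""
    sql = "SELECT one FROM wiki WHERE one LIKE ?"
    return [row[0] for row in conn.execute(sql, (value,))]

def find_literal(conn, value):
    """As find_bound, but % and _ inside the value match only themselves."""
    escaped = value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT one FROM wiki WHERE one LIKE ? ESCAPE '\\'"
    return [row[0] for row in conn.execute(sql, (escaped,))]

if __name__ == "__main__":
    conn = build_db()
    # Constructed inputs: an ordinary apostrophe and a value containing SQL syntax.
    for value in ("O'Reilly", "x' OR '1'='1", "pytho%"):
        try:
            formatted = find_formatted(conn, value)
        except sqlite3.OperationalError as exc:
            formatted = "error: %s" % exc
        print(repr(value))
        print("  formatted:", formatted)
        print("  bound:    ", find_bound(conn, value))
        print("  literal:  ", find_literal(conn, value))
```

Binding removes the need to quote the value at all; the `ESCAPE` clause is only needed when `%` and `_` in user input must not act as wildcards.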