Data Entry
Chris Angelico
rosuav at gmail.com
Wed Jan 13 06:29:37 EST 2016
On Wed, Jan 13, 2016 at 10:21 PM, Peter Otten <__peter__ at web.de> wrote:
>> To set a multi-word value as an HTML attribute, you'll need to put
>> quotes around it. You might be able to get away with using %r instead
>> of %s, or even just "%s",
>
> That is bad advice that "works" until there is a value containing
> quotes or other markup.
>
Which is why I said "get away with". If you know your data, you might
know that it can have spaces but never quotes, for instance. But
proper escaping is definitely the way to go.
ChrisA
More information about the Python-list
mailing list