String concatenation (was: Steve D'Aprano, you're the "master". What's wrong with this concatenation statement?)

Chris Angelico rosuav at gmail.com
Sun May 8 22:16:40 EDT 2016


On Mon, May 9, 2016 at 10:44 AM, Thomas 'PointedEars' Lahn
<PointedEars at web.de> wrote:
> With the “%” string operator (deprecated), str.format(), and str.Template,
> you can use other values in string values even without concatenation.

Not deprecated. Don't spread FUD.

> Finally, with SQL you should prefer Prepared Statements and Stored
> Procedures, not bare strings, to avoid SQL injection:
>
> <https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet>

He is safe. He's using parameterized queries.

> Also, it would be a good idea if you posted under your real name.  Internet
> is the thing with cables; Usenet is the thing with people.  I for one tend
> to avoid communicating with few-letter entities; exceptions to that would
> probably include only E.T., M.J., ALF, and K.I.T.T.

I'm not using Usenet, Mr PointedEars.

ChrisA
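Added example, not part of the original thread: a small sqlite3 script contrasting the two approaches the reply touches on, building the SQL text with the `%` operator (the same defect applies to `str.format()` and f-strings) versus passing the value as a query parameter. The table and rows are constructed for the demonstration; the point is that only the parameterized version keeps a quote character in the input from altering the query.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the thread).
_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def _make_db():
    """In-memory database with a two-row users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", _USERS)
    return conn


def lookup_concatenated(conn, name):
    """Injection-prone: the caller's value is spliced into the SQL text.
    A quote inside `name` terminates the literal, so what follows is parsed
    as SQL rather than as data. Using str.format() or an f-string instead
    of '%' changes nothing about this."""
    sql = "SELECT name, email FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Safe: the SQL text is fixed and the value travels separately as a
    bound parameter, so the driver always treats it as data."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    """Run both lookups with an ordinary name and with a value that carries
    a quote, and return the four result sets for comparison."""
    conn = _make_db()
    quoted_input = "x' OR '1'='1"  # constructed test input containing a quote
    return {
        "concat_normal": lookup_concatenated(conn, "alice"),
        "concat_quoted": lookup_concatenated(conn, quoted_input),
        "param_normal": lookup_parameterized(conn, "alice"),
        "param_quoted": lookup_parameterized(conn, quoted_input),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

With the concatenated query the quoted input matches every row because the WHERE clause has been rewritten; the parameterized query looks for a user literally named `x' OR '1'='1` and finds none. Escaping or sanitising the string by hand is not a substitute for the second form.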