Concatenating a Hash to a String
Chris Angelico
rosuav at gmail.com
Tue Dec 1 01:00:07 EST 2020
On Tue, Dec 1, 2020 at 4:53 PM Ivan "Rambius" Ivanov
<rambiusparkisanius at gmail.com> wrote:
>
> On Tue, Dec 1, 2020 at 12:39 AM Chris Angelico <rosuav at gmail.com> wrote:
> > Don't do this! DO NOT do this! Even if it might happen to work with a
> > base 64 encoded value, this is a terrible terrible bug just waiting to
> > happen. Instead, use *parameterized queries* and keep your SQL safe.
>
> OK. What are parameterized queries? Can you give an example?
>
I've no idea what database you're connecting to, what library you're
using, or anything, but it would look something like this:
conn.execute("insert into hashes values (?)", [hash])
Look up the documentation for what you're working with. It will have a
way to do this.
ChrisA
More information about the Python-list
mailing list