Using the various documented methods of using "GqlQuery"
http://code.google.com/appengine/docs/python/datastore/creatinggettinganddeletingdata.html#Getting_Entities_Using_a_Query
i.e. using Parameters to build the query, rather than string concatenation ... should protect you.

The SQL-like interface to the Datastore is invulnerable to most forms anyway. Colon (:) Parameters will protect from the rest.

On 26 November 2010 12:34, pdknsk <pdk...@googlemail.com> wrote:
> I've only started using SQL language, or databases in general, with
> Google App Engine, and have been wondering if I need to be cautious
> about possible SQL Injection. I suppose this is already taken care of
> by design, but just wanted to clarify. Thanks.
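An added example, not part of the thread: it contrasts a GQL string built by concatenation with one that uses a colon bind parameter, and checks whether the structure of the query text stays the same across inputs. The kind `Greeting`, the properties `author` and `draft`, the helper names and the sample values are assumptions made for the illustration.

```python
import re

# GQL string literals are single-quoted; a doubled '' is an escaped quote.
LITERAL = re.compile(r"'(?:[^']|'')*'")
# Positional (:1) and named (:name) bind parameters.
BIND = re.compile(r":(?:\d+|[A-Za-z_]\w*)")


def concat_query(author):
    """Anti-pattern: the user-supplied value becomes part of the GQL text."""
    return "SELECT * FROM Greeting WHERE author = '" + author + "'"


def bound_query(author):
    """Fixed GQL text; the value travels separately as a bind argument.
    Intended use: db.GqlQuery(text, *args) from google.appengine.ext.db."""
    return "SELECT * FROM Greeting WHERE author = :1", (author,)


def shape(gql):
    """Reduce a GQL string to its structure: literals and binds become '?'.
    A leftover quote means the input broke out of the literal."""
    reduced = LITERAL.sub("?", gql)
    reduced = BIND.sub("?", reduced)
    return " ".join(reduced.split())


# Constructed sample inputs (hypothetical, not from the thread).
SAMPLES = ["alice", "O'Brien", "x' AND draft = 'true"]


def report():
    """For each sample: (value, concat shape stable?, bound shape stable?)."""
    base_concat = shape(concat_query(SAMPLES[0]))
    base_bound = shape(bound_query(SAMPLES[0])[0])
    return [(value,
             shape(concat_query(value)) == base_concat,
             shape(bound_query(value)[0]) == base_bound)
            for value in SAMPLES]


if __name__ == "__main__":
    for value, concat_ok, bound_ok in report():
        print("%-24r concat stable: %-5s bound stable: %s"
              % (value, concat_ok, bound_ok))
```

With concatenation, even an ordinary name containing an apostrophe changes the query text; with the bind parameter the text never varies, so a code review can look for GQL strings that are assembled from variables.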