On Wednesday 02 May 2007 12:05, Tobiah wrote:
>
>> In addition to the above good advice, in case you are submitting a query
>> to a DB-API compliant SQL database, you should use query parameters
>> instead of building the query with string substitution.
>
> I tried that a long time ago, but I guess I found it to be
> more awkward.  I imagine that it is quite a bit faster that way?
> I'm using MySQLdb.

The issue is not speed, it's security.  Query parameters are automatically
escaped to prevent SQL injection attacks.

j

-- 
Joshua Kugler
Lead System Admin -- Senior Programmer
http://www.eeinternet.com
PGP Key: http://pgp.mit.edu/  ID 0xDB26D7CE
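
The difference described in the reply above, as an added example that is not part of the original post: the same lookup built with string substitution and with a query parameter. It uses the standard-library `sqlite3` module so it runs without a server; the `users` table, its rows and the function names are constructed for illustration. `sqlite3` uses `?` as its placeholder, while MySQLdb uses `%s` with the values passed as a second argument to `cursor.execute()`.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"),
         ("bob", "bob@example.com"),
         ("O'Brien", "obrien@example.com")],
    )
    return conn

def find_by_substitution(conn, name):
    # String substitution: the value becomes part of the SQL text itself,
    # so any quote character in it is parsed as SQL syntax.
    query = "SELECT email FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(query)]

def find_by_parameter(conn, name):
    # Query parameter: the SQL text is fixed and the value is handed to the
    # driver separately, which takes care of quoting it.
    # MySQLdb equivalent: cursor.execute("... WHERE name = %s", (name,))
    query = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]

def substitution_fails_on_quote(conn):
    # A legitimate name containing an apostrophe breaks the substituted query.
    try:
        find_by_substitution(conn, "O'Brien")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input that closes the string literal
    print("substitution:", find_by_substitution(conn, crafted))  # every row
    print("parameter:   ", find_by_parameter(conn, crafted))     # no rows
    print("O'Brien via parameter:", find_by_parameter(conn, "O'Brien"))
    print("O'Brien via substitution raises:", substitution_fails_on_quote(conn))
```

The substituted query also fails on ordinary data such as a name with an apostrophe, so the parameterized form is the correct one even when no hostile input is expected.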