marc wyburn wrote:
Hi and thanks,

I was hoping to avoid having to weld qmarks together but I guess
that's why people use things like SQL alchemy instead.  It's a good
lesson anyway.

The '?' substitution is there to safely handle untrusted input. You *don't* want to pass in arbitrary user data into random parts of an SQL statement (or your database will get 0wned). I think of it as a reminder that when you have to construct your own query template by using "... %s ..." % (foo) to bypass this limitation, that you had better be darn sure the parameters you are passing in are safe.

Kris

--
http://mail.python.org/mailman/listinfo/python-list
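
An added example, not part of the original thread: the pattern discussed above, written against the standard-library sqlite3 module, where the query template is built with "%s" but every value is still bound through '?'. The `users` table, the column allow-list and the function names are assumptions made for this illustration.

```python
import sqlite3

# Assumption: the only column names a caller may select on, fixed in code.
ALLOWED_COLUMNS = {"name", "email"}


def find_users(conn, column, values):
    """Return rows where `column` equals any of `values`.

    A column name cannot be bound with '?', so it is checked against an
    allow-list before it is formatted into the template. The values are
    untrusted and are only ever passed as bound parameters.
    """
    if column not in ALLOWED_COLUMNS:
        raise ValueError("column not allowed: %r" % (column,))
    values = list(values)
    if not values:
        return []  # an empty IN list is not valid standard SQL; nothing matches
    # One '?' per value: the template grows, the data never enters it.
    qmarks = ", ".join(["?"] * len(values))
    sql = "SELECT id, name, email FROM users WHERE %s IN (%s) ORDER BY id" % (
        column, qmarks)
    return conn.execute(sql, values).fetchall()


def make_demo_db():
    """Constructed in-memory sample data for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com"),
         ("carol", "carol@example.com")],
    )
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(find_users(db, "name", ["alice", "carol"]))
    # A value containing SQL syntax is compared as a plain string.
    print(find_users(db, "name", ["x') OR 1=1 --"]))
```

Only the count of values shapes the SQL text; anything formatted into the template comes from code, never from the caller's data.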
