In message <[email protected]>, Dennis Lee Bieber wrote:
> On Thu, 28 May 2009 20:57:13 +1200, Lawrence D'Oliveiro > <[email protected]_zealand> declaimed the following in > gmane.comp.python.general: > >>> >>> >>> db.literal((... "%wildcard%" ...)) >>> (... "'%wildcard%'" ...) >> >> Doesn't look like it worked, does it? > > If the problem is that you have /user/ input that may have a % sign > that should NOT be treated as a wildcard, the solution is to train said > user... Sounds like a good solution to SQL-injection vulnerabilities, isn't it? Wonder why no-one thought of that before? -- http://mail.python.org/mailman/listinfo/python-list
