John Bokma wrote:
my $sort = $cgi->param( "sort" );
my $query = "SELECT * FROM table WHERE id=? ORDER BY $sort";

And the equivalent Python code:


cursor.execute('SELECT * FROM table WHERE id=%%s ORDER BY %s' % sort, [some_id])


You're right, of course, about being *able* to write code with SQL injection vulnerabilities in Python. But it's not even close to being as easy as in PHP.
--
http://mail.python.org/mailman/listinfo/python-list
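
Added example, not part of the original post or thread: placeholders can bind values but not identifiers, so the ORDER BY column in the snippets above has to be chosen from a fixed allowlist instead of being interpolated from the request. The table `items`, its columns, the `owner` filter and the function names are assumptions for illustration, and `sqlite3` (with its `?` placeholder style) stands in for whichever DB-API driver is in use.

```python
import sqlite3

# Hypothetical allowlists: request value -> SQL fragment written by us, never by the user.
SORT_COLUMNS = {"id": "id", "name": "name", "created": "created"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_query(sort, direction="asc"):
    """Return SQL text whose ORDER BY clause is built only from allowlisted fragments."""
    try:
        column = SORT_COLUMNS[sort]
        order = SORT_DIRECTIONS[direction.lower()]
    except (KeyError, AttributeError, TypeError):
        # Unknown key, non-string direction, or unhashable sort value: refuse outright.
        raise ValueError("unsupported sort request: %r %r" % (sort, direction))
    # Only our own constants are interpolated; the filter value stays a bound parameter.
    return ("SELECT id, name, created FROM items WHERE owner = ? "
            "ORDER BY %s %s" % (column, order))


def fetch_items(conn, owner, sort, direction="asc"):
    """Run the allowlisted query with the owner id bound as a parameter."""
    return conn.execute(build_query(sort, direction), (owner,)).fetchall()


def make_demo_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items "
                 "(id INTEGER PRIMARY KEY, owner INTEGER, name TEXT, created TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?, ?, ?)", [
        (1, 7, "pear", "2024-03-01"),
        (2, 7, "apple", "2024-01-15"),
        (3, 7, "mango", "2024-02-10"),
        (4, 8, "kiwi", "2024-01-01"),
    ])
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(fetch_items(db, 7, "name"))
    print(fetch_items(db, 7, "created", "desc"))
    try:
        fetch_items(db, 7, "name, owner")  # constructed value outside the allowlist
    except ValueError as exc:
        print("rejected:", exc)
```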