Leif Biberg Kristensen wrote:

> So. I've been writing SQL queries in Python like this, using PostgreSQL
> and psycopg:
>
> cursor.execute("select * from foo where bar=%s" % baz)
>
> Is that wrong, and how should I have been supposed to know that this is
> bad syntax?

do you get paid to write security sensitive applications? if so, you should know why that is bad, and what to do instead.

> No doc I have seen actually has told me so.

well, the DB-API specification spends enough time talking about parameters for you to figure out that maybe, just maybe, you should learn what they are.

</F>

--
http://mail.python.org/mailman/listinfo/python-list
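The difference the reply is pointing at, shown as an added example that is not part of the thread: the quoted `"... bar=%s" % baz` pastes the value into the SQL text, whereas DB-API parameter passing hands the value to the driver separately so it is never parsed as SQL. To keep the example runnable offline it uses the standard-library `sqlite3` module with an in-memory database and constructed rows instead of PostgreSQL and psycopg; the table name `foo`, the column `bar` and the helper names are assumptions. Note the paramstyle difference: sqlite3 uses `?` (qmark) while psycopg uses `%s` (format), so the psycopg form is `cursor.execute("select * from foo where bar=%s", (baz,))`, a comma, not a percent sign, before the parameters.

```python
import sqlite3

# Constructed sample data standing in for the "foo" table in the message.
SAMPLE_ROWS = [(1, "alice"), (2, "bob")]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with a small constructed 'foo' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table foo (bar integer, name text)")
    conn.executemany("insert into foo values (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_interpolated(conn: sqlite3.Connection, baz) -> list:
    """The pattern quoted in the message: the value becomes part of the SQL text.

    Whatever 'baz' contains is compiled as SQL, so a caller-controlled value can
    change the WHERE clause instead of just supplying a comparison value.
    """
    cur = conn.execute("select * from foo where bar=%s" % baz)
    return cur.fetchall()


def lookup_parameterized(conn: sqlite3.Connection, baz) -> list:
    """DB-API parameter passing: the value travels separately from the SQL.

    sqlite3's paramstyle is '?'; psycopg's is '%s', so the psycopg equivalent is
        cursor.execute("select * from foo where bar=%s", (baz,))
    In both cases the driver binds 'baz' as data and it can never be read as SQL.
    """
    cur = conn.execute("select * from foo where bar=?", (baz,))
    return cur.fetchall()


if __name__ == "__main__":
    db = make_db()
    # Ordinary input behaves the same either way.
    print(lookup_interpolated(db, 1))
    print(lookup_parameterized(db, 1))
    # A value that is not just a number: interpolation rewrites the query,
    # parameter binding simply compares it as data and matches nothing.
    print(lookup_interpolated(db, "1 or 1=1"))
    print(lookup_parameterized(db, "1 or 1=1"))
```

The parameterized version is also the one that handles quoting, type conversion and encoding correctly, which is why the DB-API describes parameters at all rather than leaving escaping to each caller.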