Leif Biberg Kristensen wrote:

> So. I've been writing SQL queries in Python like this, using PostgreSQL
> and psycopg:
>
> cursor.execute("select * from foo where bar=%s" % baz)
>
> Is that wrong, and how should I have been supposed to know that this is
> bad syntax?

do you get paid to write security sensitive applications?  if so, you should
know why that is bad, and what to do instead.

> No doc I have seen actually has told me so.

well, the DB-API specification spends enough time talking about parameters
for you to figure out that maybe, just maybe, you should learn what
they are.

</F>

-- 
http://mail.python.org/mailman/listinfo/python-list
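The difference the two posts are arguing about, shown side by side as an added example (this is not code from either poster). It uses Python's bundled sqlite3 module in place of psycopg and PostgreSQL, since both are DB-API 2.0 modules and the parameter mechanism is the same; only the placeholder token differs (sqlite3 uses `?`, psycopg uses `%s`). The `foo` table, its `id` column and the three rows are constructed for the demonstration.

```python
import sqlite3

# sqlite3 ships with Python and implements the same DB-API 2.0 interface as
# psycopg, so it stands in for PostgreSQL here. Table and rows are constructed
# for this example.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table foo (id integer primary key, bar text)")
    conn.executemany(
        "insert into foo (id, bar) values (?, ?)",
        [(1, "alpha"), (2, "beta"), (3, "gamma")],
    )
    return conn


def placeholder(dbmodule):
    """Pick the positional placeholder a DB-API module expects.

    sqlite3.paramstyle is 'qmark' (?), psycopg's is 'pyformat' (%s).
    Either way the values go in a tuple as execute()'s second argument.
    """
    return {"qmark": "?", "format": "%s", "pyformat": "%s"}[dbmodule.paramstyle]


def query_formatted(conn, baz):
    """The pattern from the post: the value is pasted into the SQL text with
    Python's % operator, so whatever baz contains is parsed as SQL."""
    cur = conn.execute("select * from foo where id=%s" % baz)
    return cur.fetchall()


def query_parameterized(conn, baz):
    """DB-API parameters: the SQL text is fixed, the value is sent separately
    and is never interpreted as SQL. Only the constant placeholder token is
    spliced into the statement string, never data."""
    sql = "select * from foo where id=" + placeholder(sqlite3)
    cur = conn.execute(sql, (baz,))
    return cur.fetchall()


if __name__ == "__main__":
    conn = make_db()
    # A well-behaved value looks identical either way...
    print(query_formatted(conn, 2))
    print(query_parameterized(conn, 2))
    # ...but an untrusted string rewrites the WHERE clause in the formatted
    # version (every row comes back) and is just a non-matching value in the
    # parameterized one (no rows).
    untrusted = "2 or 1=1"
    print(query_formatted(conn, untrusted))
    print(query_parameterized(conn, untrusted))
```

Note that in the parameterized version the caller never has to quote or escape anything, and the same code works unchanged when the input is an integer, a string with an apostrophe, or the text above: the driver hands the value to the database as data, so the statement's structure cannot change at runtime.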