In message <[email protected]>, Dennis Lee Bieber wrote:
> This way regular string interpolation operations (or whatever Python
> 3.x has replaced it with) are safe to construct the SQL, leaving only
> user supplied (or program generated) data values to be passed via the
> DB-API parameter system -- so that they are properly escaped and
> rendered safe.

Mixing the two is another recipe for confusion and mistakes.

--
http://mail.python.org/mailman/listinfo/python-list
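The split discussed in this message, as an added example that is not part of the original thread: SQL structure is built by string interpolation from a fixed allow-list, and data values go only through DB-API parameter binding. The `users` table, its columns, the function names and the sample rows are assumptions constructed for illustration, using the standard-library `sqlite3` module.

```python
import sqlite3

# Assumed for this example: the only identifiers that may be interpolated.
ALLOWED_SORT_COLUMNS = {"name", "created"}


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, created TEXT)")
    conn.executemany(
        "INSERT INTO users (name, created) VALUES (?, ?)",
        [("alice", "2009-01-02"), ("bob", "2009-03-04"), ("O'Brien", "2009-02-03")],
    )
    return conn


def find_users(conn, name, sort_column="name"):
    """Structure via interpolation (allow-listed), data via parameter binding."""
    # Identifiers cannot be bound as parameters, so the column name is
    # interpolated, but only after it matches the fixed allow-list.
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unsupported sort column: %r" % (sort_column,))
    sql = "SELECT name, created FROM users WHERE name = ? ORDER BY %s" % sort_column
    # The data value never touches the SQL text; the driver binds it.
    return conn.execute(sql, (name,)).fetchall()


def find_users_interpolated(conn, name):
    """The mixed form: a data value interpolated into the SQL text."""
    sql = "SELECT name, created FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = make_db()
    # A quote in the value is plain data when bound.
    print(find_users(db, "O'Brien"))
    # A value shaped like SQL is compared as a literal string and matches nothing.
    print(find_users(db, "x' OR '1'='1"))
    # The interpolated form lets the same quote change the statement itself.
    try:
        find_users_interpolated(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("interpolated query failed:", exc)
```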
