In message <mailman.2376.1257005738.2807.python-l...@python.org>, Carsten Haese wrote:

> Lawrence D'Oliveiro wrote:
>
>> In message <mailman.2357.1256964121.2807.python-l...@python.org>, Dennis
>> Lee Bieber wrote:
>>
>>> This way regular string interpolation operations (or whatever Python
>>> 3.x has replaced it with) are safe to construct the SQL, leaving only
>>> user supplied (or program generated) data values to be passed via the
>>> DB-API parameter system -- so that they are properly escaped and
>>> rendered safe.
>>
>> Mixing the two is another recipe for confusion and mistakes.
>
> Mixing the two is necessary.
> ...
> As long as you understand what you're doing, there should be no confusion.
> (And if you don't understand what you're doing, you shouldn't be doing
> it!)

But if you understand what you're doing, you don't need to mix the two.

--
http://mail.python.org/mailman/listinfo/python-list
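
The split described in the quoted passage (interpolation for the SQL structure, DB-API parameters for data values), shown as an added example that is not part of the original thread. The `users` table, the `ALLOWED_COLUMNS` allowlist and the helper names are constructed for illustration, and `sqlite3` stands in for any DB-API driver.

```python
import sqlite3

# Constructed allowlist: the only identifiers the program may interpolate.
ALLOWED_COLUMNS = {"users": {"id", "name", "email"}}


def build_select(table, columns, filter_column):
    """Interpolate program-chosen identifiers; leave a placeholder for the value."""
    allowed = ALLOWED_COLUMNS.get(table)
    if allowed is None:
        raise ValueError(f"unknown table: {table!r}")
    for col in (*columns, filter_column):
        if col not in allowed:
            raise ValueError(f"unknown column: {col!r}")
    col_list = ", ".join(f'"{c}"' for c in columns)
    return f'SELECT {col_list} FROM "{table}" WHERE "{filter_column}" = ?'


def find(conn, table, columns, filter_column, value):
    """Identifiers go through the allowlist, the data value through the driver."""
    sql = build_select(table, columns, filter_column)
    return conn.execute(sql, (value,)).fetchall()


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(  # constructed sample rows
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("o'brien", "ob@example.test")],
    )
    results = {}
    # A value containing a quote is matched literally, not parsed as SQL.
    results["quote"] = find(conn, "users", ["name", "email"], "name", "o'brien")
    # A value made of SQL syntax is still only compared as a string.
    results["sql_like_value"] = find(conn, "users", ["name"], "name", "x' OR '1'='1")
    # An identifier outside the allowlist never reaches the SQL text.
    try:
        find(conn, "users", ["name"], "name; DROP TABLE users", "x")
        results["bad_identifier"] = "accepted"
    except ValueError:
        results["bad_identifier"] = "rejected"
    results["rows_left"] = conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    return results


if __name__ == "__main__":
    print(demo())
```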