Steve Holden wrote:
> John Machin wrote:
> [...]
>> I note that in the code shown there are examples of building an SQL
>> query where the table name is concocted at runtime via the %
>> operator ... key phrases: "bad database design" (one table per
>> store!), "SQL injection attack"
>>
> I'm not trying to defend the code overall, but most databases won't let
> you parameterize the table or column names, just the data values.
>
And, apropos of nothing in particular, here's a completely gratuitous additional chance to tell me off again for spamming the list about a conference:

http://holdenweb.blogspot.com/2010/01/register-for-pycon-or-kitten-gets-it.html

regards
 Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
PyCon is coming! Atlanta, Feb 2010 http://us.pycon.org/
Holden Web LLC http://www.holdenweb.com/
UPCOMING EVENTS: http://holdenweb.eventbrite.com/
--
http://mail.python.org/mailman/listinfo/python-list
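
Added example, not part of the original message or of the code being discussed in the thread: when the table name has to be chosen at runtime and cannot be bound as a parameter, check it against the tables that actually exist, quote it as an identifier, and still bind the data values. It uses sqlite3 as a stand-in database; the one-table-per-store schema and all function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample schema: one table per store, as in the design under discussion.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE store_1 (item TEXT, qty INTEGER)")
    db.execute("CREATE TABLE store_2 (item TEXT, qty INTEGER)")
    db.executemany("INSERT INTO store_1 VALUES (?, ?)", [("nails", 40), ("glue", 3)])
    db.execute("INSERT INTO store_2 VALUES (?, ?)", ("nails", 7))
    return db


def table_param_rejected(db):
    # A placeholder in the table position is a syntax error:
    # the driver binds data values only, never identifiers.
    try:
        db.execute("SELECT qty FROM ? WHERE item = ?", ("store_1", "nails"))
    except sqlite3.OperationalError:
        return True
    return False


def known_tables(db):
    # Allow-list taken from the database catalogue, not from the caller.
    rows = db.execute("SELECT name FROM sqlite_master WHERE type = 'table'")
    return {name for (name,) in rows}


def quote_ident(name):
    # Standard SQL identifier quoting: wrap in double quotes, double any embedded quote.
    return '"' + name.replace('"', '""') + '"'


def qty_for(db, table, item):
    # The table name is interpolated only after it matches an existing table;
    # the data value is always passed as a bound parameter.
    if table not in known_tables(db):
        raise ValueError("unknown table: %r" % (table,))
    sql = "SELECT qty FROM %s WHERE item = ?" % quote_ident(table)
    row = db.execute(sql, (item,)).fetchone()
    return row[0] if row else None
```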