Hi;
A lister recently responded to my post concerning mysl commands of the
following type:
cursor.execute('insert into foo values (%s, %s)' % (bar, something))
stating that I need to eliminate the "%" to prevent injection attacks, thus:
cursor.execute('insert into foo values (%s, %s)', (bar, something))
My question is simply this: Is that advice good for *all* mysql commands? Or
are there some where the "%" is necessary and a comma would fail? I need to
update lots of mysql commands. If I can do it without harmful consequences,
I'll do it across the board. Otherwise, I'll have to test each one.
TIA,
beno
--
http://mail.python.org/mailman/listinfo/python-list
