On Wednesday, April 6, 2011 11:41:24 AM UTC-4, Νικόλαος Κούρας wrote:
> On 6 Apr, 16:54, "eryksun ()" <[email protected]> wrote:
>
> > You can also use an empty string as the default value when getting the
> > field value
>
> Please provide me an example.
import cgi
form = cgi.FieldStorage()
# getfirst() returns the field's first value, or the second argument
# (here an empty string) when the field is missing from the request
user = form.getfirst("user", "")
Here's the relevant section of the cgi docs:
http://docs.python.org/library/cgi.html#higher-level-interface
But it depends on your set up. Are you using mod_wsgi, mod_python, etc? Will
you be using a framework such as Django or web2py?
> Can you please also provide an example of what happens if I use the
> special formatting identifier `%` instead of a comma?
All of the formatting for adding extra quotes and escaping special characters
can be done with normal string formatting (which I neglected to do). But that's
not counting the most important reason to let the database handle the
operation: the potential for an attacker to inject SQL commands into form
values (e.g., to drop all of your tables). So let the database handle
formatting the strings and escaping any SQL statements contained therein.
--
http://mail.python.org/mailman/listinfo/python-list
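Added example, not part of the thread above: it puts the two styles the reply contrasts side by side, a query built with `%` string formatting and the same query with the value passed as a separate parameter (the "comma" form), against an in-memory sqlite3 table with constructed sample rows. A legitimate name containing an apostrophe already breaks the formatted version, and a value that closes the quote changes what the formatted query returns, while the parameterized version treats both as plain strings. The `users` table, the row contents and the function names are assumptions made for this example. Note that the placeholder syntax depends on the driver: sqlite3 uses `?`, while MySQLdb uses `%s` even for parameterized queries, so a `%s` in the SQL text is not by itself a sign that formatting is being done in Python.

```python
import sqlite3


def make_db():
    """Create an in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [
            ("alice", "alice@example.invalid"),     # constructed sample row
            ("o'brien", "obrien@example.invalid"),  # name with an apostrophe
        ],
    )
    conn.commit()
    return conn


def lookup_formatted(conn, user):
    """Vulnerable: the form value is spliced into the SQL text with `%`.

    Whatever the user typed becomes part of the statement itself, so quotes
    in the value change the structure of the query.
    """
    sql = "SELECT email FROM users WHERE name = '%s'" % user
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, user):
    """Safe: the value is passed as a parameter (the comma form).

    The database driver handles quoting and escaping; the value is never
    interpreted as SQL, only compared as a string.
    """
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (user,))]


def formatted_query_fails(conn, user):
    """Return True if the `%`-formatted query raises a SQL syntax error."""
    try:
        lookup_formatted(conn, user)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    # Ordinary input: both styles agree.
    print(lookup_formatted(db, "alice"), lookup_parameterized(db, "alice"))
    # Apostrophe in a legitimate name: formatted query is not even valid SQL.
    print(formatted_query_fails(db, "o'brien"), lookup_parameterized(db, "o'brien"))
    # Value that closes the quote: formatted query's WHERE clause is rewritten,
    # the parameterized query simply finds no user with that literal name.
    tautology = "' OR '1'='1"
    print(lookup_formatted(db, tautology), lookup_parameterized(db, tautology))
```

The parameterized form is also the one the reply recommends for the other reason it mentions: the database does the quoting and escaping, so the Python code no longer needs to add quotes or escape special characters by hand.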