Originally it was:

"SELECT * FROM users WHERE name='root' AND password=%s" % password

and it needs to be run as:

cursor.execute("SELECT * FROM users WHERE name='root' AND password=%s", password)

The DB API uses %s as placeholders instead of ?

2009/3/19 Dan Pressl <nu.f...@gmail.com>:
> I don't want to nitpick, but shouldn't:
>
> %s
>
> rather be:
>
> ?
>
> so that SQL injection can't happen so easily?
>
> 2009/3/19 <calis.mar...@seznam.cz>:
>> Hello, I'm having problems working with the SQL server:
>>
>> the server returns this error to me:
>> ProgrammingError: (1064, 'You have an error in your SQL syntax; check the
>> manual that corresponds to your MySQL server version for the right syntax to
>> use near
>> \'\xa1A\x91k\xc7\xde\x17M\xe0j\xec\xc2\xf1(,iq|\x839;&\x17\xc4\xc1\xcc\x04\x93\x0e\xc81R\xf5UB&\xd1\xaf\xb4P"\'
>> at line 1')
>>
>>
>> when interpreting: "SELECT * FROM users WHERE name='root' AND password=%s" %
>> password
>>
>
>
> --
> ^nu.friX
> aka Dan Pressl
> Reality is useless & F4Q DMNC!!!
> Every syntax creates code. And code is poetry.
> _______________________________________________
> Python mailing list
> Python@py.cz
> http://www.py.cz/mailman/listinfo/python
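The two forms compared in this thread, side by side, as an added example that is not part of any poster's message. It uses the standard-library sqlite3 driver (paramstyle "qmark") so it runs offline, whereas the thread's MySQL driver takes %s; the helper names, table and sample value are constructed for illustration.

```python
import sqlite3

# Positional placeholder per PEP 249 paramstyle. The thread's MySQL driver
# takes %s ("format"); sqlite3, used here so this runs offline, takes ? ("qmark").
MARKERS = {"qmark": "?", "format": "%s"}


def marker(dbapi_module):
    """Return the positional placeholder the given DB-API module expects."""
    style = dbapi_module.paramstyle
    if style not in MARKERS:
        raise ValueError("unsupported paramstyle: " + style)
    return MARKERS[style]


def make_db(password):
    """Constructed in-memory users table holding one 'root' row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    insert = "INSERT INTO users VALUES ({0}, {0})".format(marker(sqlite3))
    conn.execute(insert, ("root", password))
    return conn


def lookup_interpolated(conn, password):
    """The thread's original form: the value is pasted into the SQL text."""
    sql = "SELECT name FROM users WHERE name='root' AND password=%s" % password
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # Quote characters in the value are parsed as SQL, not as data.
        return "error: %s" % type(exc).__name__


def lookup_bound(conn, password):
    """The corrected form: constant SQL text, value passed separately."""
    sql = "SELECT name FROM users WHERE name='root' AND password=" + marker(sqlite3)
    return conn.execute(sql, (password,)).fetchall()


# Constructed sample value containing both quote characters.
SAMPLE = "s3cr't\"x"

if __name__ == "__main__":
    db = make_db(SAMPLE)
    print(lookup_interpolated(db, SAMPLE))
    print(lookup_bound(db, SAMPLE))
    print(lookup_bound(db, "wrong"))
```
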