MRAB wrote:
> someone wrote:
>> Hi,
>>
>> as you can see below I have some optional parameters for my query (mf,
>> age). They are in the WHERE clause only if not empty.
>> In this function they are not escaped as, for example, the 'search'
>> parameter, because I can't pass them to the execute function, which do
On Mar 23, 1:48 pm, MRAB wrote:
> someone wrote:
> > Hi,
>
> > as you can see below I have some optional parameters for my query (mf,
> > age). They are in the WHERE clause only if not empty.
> > In this function they are not escaped as, for example, the 'search'
> > parameter, because I can't pass them to e
ah, sorry, from the title I guess you were aware of this. andrew
andrew cooke wrote:
> note that your version is open to sql injection attacks, while mrab's
> reply isn't. andrew
>
> someone wrote:
>> if mf:
>>     mf = " AND mf = %s " % mf
>> if age:
>>     age = "
note that your version is open to sql injection attacks, while mrab's
reply isn't. andrew
someone wrote:
> if mf:
>     mf = " AND mf = %s " % mf
> if age:
>     age = " AND age = %s " % age
--
http://mail.python.org/mailman/listinfo/python-list
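The difference the note above points at, as an added example that is not code from the thread: the optional `mf` and `age` filters are appended as placeholders with their values passed to `execute`, next to the string-formatted pattern from the quoted post. It assumes sqlite3 (`?` placeholders rather than the `%s` style in the thread) and a constructed `people` table; the function names are hypothetical.

```python
import sqlite3

BASE = "SELECT name, mf, age FROM people WHERE name LIKE ?"

def build_query(search, mf=None, age=None):
    """Return (sql, params); optional filters are added as placeholders only."""
    sql = BASE
    params = ["%" + search + "%"]
    # Column names are fixed literals in this code; only values come from the caller.
    for column, value in (("mf", mf), ("age", age)):
        if value not in (None, ""):
            sql += " AND " + column + " = ?"
            params.append(value)
    return sql, params

def build_query_unsafe(search, mf=None, age=None):
    """The pattern from the quoted post: optional values formatted into the SQL text."""
    sql = BASE
    if mf:
        sql += " AND mf = %s " % mf
    if age:
        sql += " AND age = %s " % age
    return sql, ["%" + search + "%"]

def run(conn, query):
    sql, params = query
    return conn.execute(sql, params).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    # Constructed sample data (assumed schema, not from the thread).
    conn.execute("CREATE TABLE people (name TEXT, mf INTEGER, age INTEGER)")
    conn.executemany("INSERT INTO people VALUES (?, ?, ?)",
                     [("alice", 1, 30), ("bob", 2, 41), ("alina", 1, 25)])
    hostile = "1 OR 1=1"  # constructed input for the age field
    return {
        "safe_filtered": run(conn, build_query("al", mf=1, age=30)),
        # Bound as a value: compared against age as plain text, matches nothing.
        "safe_hostile": run(conn, build_query("al", age=hostile)),
        # Formatted into the SQL: becomes part of the WHERE expression.
        "unsafe_hostile": run(conn, build_query_unsafe("al", age=hostile)),
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```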
someone wrote:
Hi,
as you can see below I have some optional parameters for my query (mf,
age). They are in the WHERE clause only if not empty.
In this function they are not escaped as, for example, the 'search'
parameter, because I can't pass them to the execute function, which does
escaping automatically.
I
Hi,
as you can see below I have some optional parameters for my query (mf,
age). They are in the WHERE clause only if not empty.
In this function they are not escaped as, for example, the 'search'
parameter, because I can't pass them to the execute function, which does
escaping automatically.
I could write anot