In article ,
Christian Heimes wrote:
>
>You *MUST NOT* use string formatting for SQL commands unless you
>carefully quote and validate the strings. Otherwise your SQL application
>is vulnerable to SQL injection attacks. SQL injections are one of the
>most common and devastating attacks for web
On 22.05.2010 18:09, Adam Tauno Williams wrote:
On Sat, 2010-05-22 at 18:06 +0200, Christian Heimes wrote:
A lister recently responded to my post concerning mysl commands of the
following type:
cursor.execute('insert into foo values (%s, %s)' % (bar, something))
stating that I need to elimin
On Sat, 2010-05-22 at 18:06 +0200, Christian Heimes wrote:
> > A lister recently responded to my post concerning mysl commands of the
> > following type:
> >
> > cursor.execute('insert into foo values (%s, %s)' % (bar, something))
> >
> > stating that I need to eliminate the "%" to prevent injectio
A lister recently responded to my post concerning mysl commands of the
following type:
cursor.execute('insert into foo values (%s, %s)' % (bar, something))
stating that I need to eliminate the "%" to prevent injection attacks, thus:
cursor.execute('insert into foo values (%s, %s)', (bar, someth
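The two `cursor.execute` forms discussed in the thread, side by side, as an added example that is not part of the original posts. It assumes Python's built-in sqlite3 module (which uses `?` placeholders where MySQLdb uses `%s`) and a table `foo` with two text columns; the sample value containing an apostrophe is constructed to show why the `%`-formatted version is fragile.

```python
import sqlite3

# Constructed sample input: an ordinary value that contains a single quote.
# It is not an attack string, but it is enough to show that with string
# formatting the data becomes part of the SQL text.
SAMPLE_BAR = "O'Brien"
SAMPLE_SOMETHING = "something"


def setup():
    """Assumed schema: table foo with two text columns, in an in-memory DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table foo (bar text, something text)")
    return conn


def insert_with_formatting(conn, bar, something):
    """The pattern from the thread: values spliced into the SQL with %.
    Whatever the data contains is parsed as SQL. Returns the driver's error
    message if the statement fails, or None if it ran."""
    try:
        conn.execute("insert into foo values ('%s', '%s')" % (bar, something))
        return None
    except sqlite3.Error as exc:
        return str(exc)


def insert_with_parameters(conn, bar, something):
    """The corrected pattern: the SQL text is fixed and the driver binds the
    values separately, so quotes in the data never change the statement.
    Returns the rows now stored in foo."""
    conn.execute("insert into foo values (?, ?)", (bar, something))
    return conn.execute("select bar, something from foo").fetchall()


if __name__ == "__main__":
    db = setup()
    print("formatted:", insert_with_formatting(db, SAMPLE_BAR, SAMPLE_SOMETHING))
    print("parameterized:", insert_with_parameters(db, SAMPLE_BAR, SAMPLE_SOMETHING))
```

The formatted insert fails with a syntax error because the apostrophe terminates the string literal early, while the parameterized insert stores the value exactly as given.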