Say I create an instance of a mapped class and then attach some values
to it.
And want to do session.add.
If you're worried about something like this:
    user = User()
    user.name = ";DROP TABLE users;"
    session.add(user)
then don't be, there is no possibility of SQL injection here,
Think about it this way:
There's two kinds of strings when you're dealing with SQL: 1) SQL
language, 2) your data input. Don't ever include (2) in (1) –– let the
API do it.
\malthe
On 4 July 2011 21:41, Krishnakant Mane krm...@gmail.com wrote:
Hello all.
I use Pylons 0.9.7 and sqlalchemy.
I
Can you give an example of SQL injection working with ORM? Some sample
code etc.
On Jul 5, 5:41 am, Krishnakant Mane krm...@gmail.com wrote:
Hello all.
I use Pylons 0.9.7 and sqlalchemy.
I use the Object Relational Mapper with declarative syntax in a few of
my modules.
I was reading chapter
On 05/07/11 03:03, Malthe Borch wrote:
Think about it this way:
There's two kinds of strings when you're dealing with SQL: 1) SQL
language, 2) your data input. Don't ever include (2) in (1) –– let the
API do it.
How does one do this with the ORM?
I am talking about things like session.add
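
Added example, not part of the thread or of SQLAlchemy's code: the "two kinds of strings" rule shown with Python's standard-library sqlite3 module instead of the ORM. It assumes only that session.add results in an INSERT whose values are sent as bound parameters, which is the mechanism add_user_bound uses; the table, function names and sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed in-memory table standing in for the mapped `users` table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    return conn

def add_user_bound(conn, name):
    # (1) SQL language is a fixed string; (2) data is passed separately and
    # bound by the driver, so it is never parsed as SQL.
    conn.execute("INSERT INTO users (name) VALUES (?)", (name,))

def add_user_concatenated(conn, name):
    # Anti-pattern: (2) is pasted into (1), so the parser sees the data.
    conn.execute("INSERT INTO users (name) VALUES ('" + name + "')")

def try_add(add, conn, name):
    # Report whether the value was stored or reached the SQL parser.
    try:
        add(conn, name)
        return "stored"
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return "sql error: %s" % exc

def stored_names(conn):
    return [r[0] for r in conn.execute("SELECT name FROM users ORDER BY id")]

# Constructed inputs: the value from the thread, and one containing a quote.
SAMPLES = [";DROP TABLE users;", "O'Reilly; DROP TABLE users;"]

def run(add):
    # Fresh database per strategy so the outcomes are directly comparable.
    conn = make_db()
    outcomes = [try_add(add, conn, s) for s in SAMPLES]
    return outcomes, stored_names(conn)

if __name__ == "__main__":
    for add in (add_user_bound, add_user_concatenated):
        print(add.__name__, run(add))
```

With bound parameters both values are stored verbatim as names; with concatenation the value containing a quote reaches the SQL parser and the statement fails, which is the sign that data was treated as SQL language.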