query = "SELECT * FROM DB WHERE NAME = %s" % (name)
cursor.execute(query)
There can be security issues with this style, especially
if the parameters can be modified by users - for example
if you read the values from a web page.
The cursor.execute() call has the ability to pass the parameters in
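An added example, not from the thread, showing the difference Alan is describing. It uses Python's bundled sqlite3 module in place of MySQLdb so it runs offline (with MySQLdb the placeholder is %s rather than ?, since its DB-API paramstyle is "format"); the table, rows and the hostile input are constructed for the demonstration.

```python
import sqlite3

# Constructed sample table standing in for the MySQL database in the thread.
# sqlite3 is an assumption: it ships with Python and runs offline. MySQLdb
# uses %s as its placeholder (paramstyle "format"), but the idea is the same.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.test"),
                      ("bob", "bob@example.test")])
    return conn

def lookup_formatted(conn, name):
    # The style from the thread: the user-supplied value is spliced into the
    # SQL text before the database ever sees it, so quote characters in the
    # value change the meaning of the statement.
    query = "SELECT name, email FROM users WHERE name = '%s'" % (name,)
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, name):
    # What cursor.execute()'s second argument is for: the SQL and the data
    # travel separately, so the value is treated purely as data.
    return conn.execute("SELECT name, email FROM users WHERE name = ?",
                        (name,)).fetchall()

def demo():
    conn = make_db()
    # Constructed input that closes the quote and appends a tautology.
    hostile = "x' OR '1'='1"
    return {
        "formatted_normal": lookup_formatted(conn, "alice"),
        "formatted_hostile": lookup_formatted(conn, hostile),   # every row leaks
        "param_normal": lookup_parameterized(conn, "alice"),
        "param_hostile": lookup_parameterized(conn, hostile),   # no such name: []
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

A legitimate value containing an apostrophe (a surname like O'Brien) breaks the formatted version with a syntax error too, while the parameterized form handles it as plain data.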
On Thursday 12 October 2006 00:31, Alan Gauld wrote:
On Thursday 12 October 2006 07:14, Jason Massey wrote:
On 10/12/06, johnf wrote:
On Thursday 12 October 2006 00:31, Alan Gauld wrote:
On Thu, 2006-10-12 at 14:46 -0700, johnf wrote:
On Thursday 12 October 2006 07:14, Jason Massey wrote:
On 10/12/06, johnf wrote:
On Thursday 12 October 2006 00:31, Alan Gauld wrote:
I'm running a MySQL database; I create the connections and such using MySQLdb.
Someone told me that queries like
query = "SELECT * FROM DB WHERE NAME = %s" % (name)
cursor.execute(query)
That's the syntax that I use, but someone told me not to use it. I'm new to the db accessing thing, so if anyone