Hi, as several nice people from this list told me, SQLAlchemy uses bound parameters by default so that ordinary SQL injections are not possible anymore.
However, I want to escape search patterns in like-queries, e.g.:

"User.c.username.like('%' + userinput + '%')"

Of course, I can write my own function to escape all pattern characters but as always it seems to be more secure to use existing functions. After looking at the documentation for SQLAlchemy 0.3.10, I did not find an escape function.

So just a quick question: Does SQLAlchemy come with a function to escape patterns?

Thank you very much
fs
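
The pattern-escaping problem raised in this message, as an added example that is not part of the original post and not SQLAlchemy code: it uses the standard-library sqlite3 module to show that a bound parameter still lets `%` and `_` act as wildcards, and how escaping plus an ESCAPE clause makes the input match literally. The helper names, the backslash escape character and the sample usernames are assumptions constructed for the illustration.

```python
import sqlite3

ESCAPE_CHAR = "\\"  # assumption: backslash is the chosen LIKE escape character


def escape_like(term, escape_char=ESCAPE_CHAR):
    """Return term with LIKE metacharacters escaped so it matches literally."""
    # The escape character itself goes first; otherwise the backslashes
    # added for % and _ would be doubled by the later replacement.
    return (
        term.replace(escape_char, escape_char * 2)
        .replace("%", escape_char + "%")
        .replace("_", escape_char + "_")
    )


def make_demo_db():
    """In-memory table with constructed usernames, some containing wildcards."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT)")
    names = ["alice", "bob", "a_b", "axb", "100%", "c\\d"]
    conn.executemany("INSERT INTO users VALUES (?)", [(n,) for n in names])
    return conn


def search_unescaped(conn, userinput):
    """The pattern from the post: bound, but wildcards stay active."""
    sql = "SELECT username FROM users WHERE username LIKE ? ORDER BY username"
    return [r[0] for r in conn.execute(sql, ("%" + userinput + "%",))]


def search_escaped(conn, userinput):
    """Same query with the input escaped and an ESCAPE clause declared."""
    sql = ("SELECT username FROM users "
           "WHERE username LIKE ? ESCAPE '\\' ORDER BY username")
    pattern = "%" + escape_like(userinput) + "%"
    return [r[0] for r in conn.execute(sql, (pattern,))]


if __name__ == "__main__":
    db = make_demo_db()
    for text in ["%", "a_b", "\\"]:
        print(repr(text), search_unescaped(db, text), search_escaped(db, text))
```

The escape character declared in the ESCAPE clause must be the same one passed to the escaping helper, otherwise the inserted backslashes are treated as ordinary text.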