Hi,

As several nice people from this list told me, SQLAlchemy uses bound
parameters by default so that ordinary SQL injections are not possible 
anymore.

However, I want to escape search patterns in like-queries, e.g.:
"User.c.username.like('%' + userinput + '%')"

Of course, I can write my own function to escape all pattern characters,
but as always it seems to be more secure to use existing functions.
After looking at the documentation for SQLAlchemy 0.3.10, I did not find
an escape function.

So just a quick question: Does SQLAlchemy come with a function to escape
patterns?

Thank you very much,
fs


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"sqlalchemy" group.
To post to this group, send email to sqlalchemy@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/sqlalchemy?hl=en
-~----------~----~----~----~------~----~------~--~---
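
The LIKE-pattern problem raised in the message above, as an added example that is not part of the original post and is not SQLAlchemy code: it uses Python's standard `sqlite3` module so that it runs without dependencies. The backslash escape character, the helper names and the sample rows are assumptions made for illustration.

```python
import sqlite3

ESCAPE_CHAR = "\\"  # assumed escape character; must match the ESCAPE clause below


def escape_like(term, escape=ESCAPE_CHAR):
    """Make %, _ and the escape character itself match literally in LIKE."""
    # Escape the escape character first; otherwise the backslashes added
    # for % and _ would themselves be doubled by a later pass.
    return (term.replace(escape, escape + escape)
                .replace("%", escape + "%")
                .replace("_", escape + "_"))


def find_users(conn, userinput, escaped=True):
    """Substring search on username; the value is always a bound parameter."""
    term = escape_like(userinput) if escaped else userinput
    rows = conn.execute(
        "SELECT username FROM users "
        "WHERE username LIKE ? ESCAPE '\\' ORDER BY username",
        ("%" + term + "%",),
    )
    return [r[0] for r in rows]


def demo_db():
    """Constructed sample data, held in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?)",
        [("alice",), ("bob_smith",), ("bobXsmith",), ("100%real",), ("100 real",)],
    )
    return conn


if __name__ == "__main__":
    conn = demo_db()
    print(find_users(conn, "b_s", escaped=False))  # "_" acts as a wildcard
    print(find_users(conn, "b_s"))                 # "_" matches only itself
    print(find_users(conn, "%", escaped=False))    # matches every row
    print(find_users(conn, "%"))                   # only names containing "%"
```

Bound parameters keep the input out of the SQL text, but the database still interprets `%` and `_` inside the bound value as wildcards, so the escaping step and the `ESCAPE` clause are both needed.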