Can you give an example of sql injection working with ORM? Some sample code etc.
On Jul 5, 5:41 am, Krishnakant Mane <krm...@gmail.com> wrote: > Hello all. > I use Pylons 0.9.7 and sqlalchemy. > I use the Object Relational Mapper with declarative syntax in a few of > my modules. > I was reading chapter 7 of the Pylons book and I understood that sql > injections can be avoided using the expression api. > But can this be also done using ORM? > I tryed on my software and sql injections do work. > Is it possible to avoide it with ORM or will i have to totally avoide > using an ORM layer of sqlalchemy and only use the expression api? > Happy hacking. > Krishnakant. -- You received this message because you are subscribed to the Google Groups "sqlalchemy" group. To post to this group, send email to sqlalchemy@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en.