dave lilley wrote:
> Sorry for posting twice but...
>
> how does the method you have given me differ from mine?
>
> e.g. let's say this is the scenario....
>
> uservar = "delete * from customers where * = *"
>
>>> e.g. stmt = "select * from customers where cust_no = #{uservar}"
>>> row = db.execute(stmt)
>>> This will put the contents of uservar into the stmt.

On the other hand, the other code:

> stmt = "select * from customers where cust_no = ?"
>
> row = db.execute(stmt, uservar)

will escape the uservar to make sure it is 'safe'.

Hope this helps.

Cheers,
Mohit.

6/15/2009 | 7:33 PM.

_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
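The difference the thread is about, shown end to end as an added example (this is not code from the post or from either poster). The snippets in the thread are Ruby (`#{uservar}` interpolation and the sqlite3 gem's `db.execute(stmt, uservar)`); the example below uses Python's standard-library `sqlite3` module, which binds `?` placeholders the same way, so it runs without any extra install. The `customers` table, its rows and the `0 OR 1=1` payload are all constructed for the demo (the post's `delete * from customers where * = *` is not valid SQL, and a payload that stays inside a single statement is enough to make the point). One precision on the wording above: a bound parameter is not escaped, it is kept out of the SQL text entirely. SQLite compiles the fixed statement first and attaches the value afterwards as data, so the value can never change what the statement does.

```python
import sqlite3

# Constructed sample data (not from the original post): a small customers table.
SAMPLE_CUSTOMERS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
    (3, "carol", "carol@example.com"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE customers (cust_no INTEGER PRIMARY KEY, name TEXT, email TEXT)"
    )
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_CUSTOMERS)
    db.commit()
    return db


def lookup_interpolated(db, uservar):
    """VULNERABLE: the Python equivalent of "... cust_no = #{uservar}".

    The untrusted string is pasted into the SQL text before SQLite parses it,
    so whatever the caller typed becomes part of the statement's grammar.
    """
    stmt = f"SELECT cust_no, name FROM customers WHERE cust_no = {uservar}"
    return db.execute(stmt).fetchall()


def lookup_bound(db, uservar):
    """SAFE: the equivalent of db.execute("... cust_no = ?", uservar).

    The SQL text is fixed at "... = ?". SQLite compiles that text, and the
    value is bound afterwards as data. Nothing is escaped; the value simply
    never reaches the parser, so it cannot alter the statement.
    """
    stmt = "SELECT cust_no, name FROM customers WHERE cust_no = ?"
    return db.execute(stmt, (uservar,)).fetchall()


def demo():
    """Run both lookups with an honest input and a constructed injection payload."""
    db = make_db()
    honest = "2"           # what the application expects from the user
    hostile = "0 OR 1=1"   # constructed payload: valid SQL that widens the WHERE clause

    return {
        "interpolated_honest": lookup_interpolated(db, honest),
        # Interpolation turns the query into "... WHERE cust_no = 0 OR 1=1":
        # every customer row comes back.
        "interpolated_hostile": lookup_interpolated(db, hostile),
        # The bound "2" is coerced by the INTEGER column's affinity and matches.
        "bound_honest": lookup_bound(db, honest),
        # The bound "0 OR 1=1" is just a text value compared against an INTEGER
        # column; it is not a number, so it matches nothing.
        "bound_hostile": lookup_bound(db, hostile),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:22s} -> {rows}")
```

Run it and compare the two `hostile` lines: the interpolated query returns all three customers, the bound query returns an empty list. The same untrusted string went into both; only the bound version kept it out of the statement.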