dave lilley wrote:
> Sorry for posting twice but...
>
> how does the method you have given me differ from mine?
>
> e.g. let's say this is the scenario....
>
> uservar = "delete * from customers where * = *"
>
>   
>>> e.g. stmt = "select * from customers where cust_no = #{uservar}"
>>> row = db.execute(stmt)
>>>       
This will put the contents of uservar into the stmt.

On the other hand, the other code:

> stmt = "select * from customers where cust_no = ?"
>
> row = db.execute(stmt, uservar)
>

will escape the uservar to make sure it is 'safe'.
Hope this helps.

Cheers,
Mohit.
6/15/2009 | 7:33 PM.
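The two statements above, side by side, as an added example that is not code from the original post. It is written in Python rather than Ruby only because Python's sqlite3 module ships in the standard library; the customers table, its rows and the test inputs are constructed for the illustration. The string-formatted query is the Python equivalent of Ruby's "#{uservar}" interpolation, and the "?" form is the same placeholder binding shown in the reply.

```python
import sqlite3

# Constructed sample data for this example, not from the mailing-list post.
SAMPLE_CUSTOMERS = [(1, "Alice"), (2, "Bob"), (3, "Carol")]


def make_db():
    """In-memory SQLite database with a small customers table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (cust_no INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", SAMPLE_CUSTOMERS)
    db.commit()
    return db


def lookup_interpolated(db, uservar):
    """Vulnerable form: equivalent of Ruby's "... cust_no = #{uservar}".
    Whatever the user typed becomes part of the SQL text and is parsed as SQL."""
    stmt = f"select * from customers where cust_no = {uservar}"
    return db.execute(stmt).fetchall()


def lookup_bound(db, uservar):
    """Safe form: '?' is a placeholder. The value is handed to SQLite
    separately from the statement text and is only ever compared as a value."""
    stmt = "select * from customers where cust_no = ?"
    return db.execute(stmt, (uservar,)).fetchall()


def stacked_statement_rejected(db, uservar):
    """True if the driver refuses the interpolated statement outright.
    sqlite3's execute() accepts one statement per call, so a trailing
    '; delete from customers' fails instead of running. That is a driver
    limit, not a defence: a tautology such as '0 OR 1=1' still succeeds.
    Older Pythons raise sqlite3.Warning, 3.12+ raise ProgrammingError."""
    try:
        lookup_interpolated(db, uservar)
    except (sqlite3.ProgrammingError, sqlite3.Warning):
        return True
    return False


def customer_count(db):
    """Row count, used to confirm the attempted delete did not run."""
    return db.execute("select count(*) from customers").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print(lookup_interpolated(db, "2"))                    # [(2, 'Bob')]
    print(lookup_bound(db, "2"))                           # [(2, 'Bob')]
    print(lookup_interpolated(db, "0 OR 1=1"))             # all three rows
    print(lookup_bound(db, "0 OR 1=1"))                    # [] : the text is just a value
    print(stacked_statement_rejected(db, "0; delete from customers"))  # True
    print(customer_count(db))                              # 3
```

With the bound form, "0 OR 1=1" never reaches the SQL parser: SQLite compares the literal string against the integer column and finds no match. The interpolated form turns the same input into a WHERE clause that is always true. Note that nothing in the bound form is escaped or quoted; the placeholder keeps the value out of the statement text entirely, which is why it holds for every input rather than only for the characters an escaping routine happens to know about.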



_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
