On Fri, Aug 7, 2009 at 10:18 PM, Tim Johnson<t...@johnsons-web.com> wrote:
> Hello:
> I am currently using python 2.5 and do a lot of database programming
> with MySQLdb.
>
> I need to tighten up control over queries since I am concerned about
> malicious injections.

If you use the two argument form of cursor.execute - passing the parameter values in a sequence, rather than substituting them yourself - then you have to worry about injection attacks. The DB-API module should take care of any required escaping.

> It would seem to me that overriding the execute() methods for both
> objects would entail the least amount of code maintenance and
> modification. I've used python for a long time, but not done much
> with object inheritance.
> The following code:
> class mysql_row_cursor(MySQLdb.cursors.DictCursor):
>     def __init__(self):
>         pass
> # results in the following error message:
> class mysql_row_cursor(MySQLdb.cursors.DictCursor):
> AttributeError: 'module' object has no attribute 'cursors'
> # say what? MySQLdb has been imported...

You have to explicitly import subpackages. Try
import MySQLdb.cursors

Kent
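An added example, not code from either poster: it contrasts a query built by string substitution with the two-argument form of execute(), and sketches an execute() override of the kind the question asks about. Assumptions: the standard-library sqlite3 module stands in for MySQLdb so the code runs without a server (sqlite3 uses ? placeholders where MySQLdb uses %s), the rows and the crafted value are constructed, the StrictCursor class and its quote check are hypothetical, and the syntax is Python 3.

```python
import sqlite3  # stand-in DB-API driver (assumption); MySQLdb uses %s placeholders


def make_db():
    """In-memory table holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s1"), ("bob", "s2"), ("O'Brien", "s3")])
    return conn


def lookup_interpolated(conn, name):
    # Unsafe: the value becomes part of the SQL text, so a quote inside it
    # changes the statement that the database parses.
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterized(conn, name):
    # Two-argument form: SQL text and values are handed over separately,
    # so the value is only ever treated as data.
    cur = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in cur)


class StrictCursor(sqlite3.Cursor):
    """Hypothetical guard: refuse SQL text that contains quote characters,
    a heuristic sign that a value was substituted into the string."""

    def execute(self, sql, params=()):
        if "'" in sql or '"' in sql:
            raise ValueError("literal in SQL text; pass values as parameters")
        return super().execute(sql, params)


if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print(lookup_interpolated(conn, crafted))    # every row matches
    print(lookup_parameterized(conn, crafted))   # no row has that name
    print(lookup_parameterized(conn, "O'Brien")) # quote handled as data
    cur = conn.cursor(factory=StrictCursor)
    print(cur.execute("SELECT name FROM users WHERE name = ?", ("bob",)).fetchall())
```

The quote check only catches literals left in the SQL text; it is a guard rail around the parameterized form, not a substitute for it.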