* Kent Johnson <ken...@tds.net> [090808 05:06]:
> On Fri, Aug 7, 2009 at 10:18 PM, Tim Johnson<t...@johnsons-web.com> wrote:
>
> If you use the two argument form of cursor.execute - passing the
> parameter values in a sequence, rather than substituting them yourself
> - then you have to worry about injection attacks. The DB-API module
> should take care of any required escaping.
Oh! Good to hear. Never use the two argument form.
>
> You have to explicitly import subpackages. Try
> import MySQLdb.cursors
Understood. And now probably now not necessary.
thanks
--
Tim
t...@johnsons-web.com
http://www.akwebsoft.com
_______________________________________________
Tutor maillist - Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
