On 08/11/2018 07:46, Peter Otten wrote: > By the way I don't think exec() is bad as long as you control its input and > as long as this input is fairly simple.
Yes, but reading arbitrary column names from a database is not exactly controlled input... -- Alan G Author of the Learn to Program web site http://www.alan-g.me.uk/ http://www.amazon.com/author/alan_gauld Follow my photo-blog on Flickr at: http://www.flickr.com/photos/alangauldphotos _______________________________________________ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: https://mail.python.org/mailman/listinfo/tutor