Good catch!
Unless you're doing this for simple local testing, this doesn't look like
safe practice...

On Wed, Nov 5, 2008 at 12:16 PM, Stefan Scholl <[EMAIL PROTECTED]> wrote:

>
> Hi!
>
> In controller file default.py:
>
>        data = ZipFile(StringIO(urlopen("http://www.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip").read()))
>        data = StringIO(data.read(data.namelist()[0]))
>        while True:
>                chunk = data.readline()
>                if not chunk: break
>                cursor.execute("insert into geoip (begin_ip, end_ip, begin_num, end_num, code, name) values (" + chunk + ")")
>
> This doesn't give a good example for other programmers. Some external
> data gets injected into an SQL statement.
>
>
> Regards,
> Stefan
>
> PS: And there's not a single comment in this file.
> >
>
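
One way to load such a file without building SQL from its contents, as an added example (not code from this thread or from web2py): each CSV row is parsed, validated and passed as bound parameters. Python 3's `sqlite3` with an in-memory table is an assumption, the sample rows are constructed, and `validate` and `load` are hypothetical helper names.

```python
import csv
import io
import ipaddress
import sqlite3

# Constructed sample rows in the six-column layout the quoted INSERT expects.
SAMPLE_CSV = '''"1.0.0.0","1.0.0.255","16777216","16777471","AU","Australia"
"41.66.0.0","41.66.63.255","692191232","692207615","CI","Cote D'Ivoire"
"2.0.0.0","2.0.0.255","33554432","33554687","XX","x'); DELETE FROM geoip; --"
"3.0.0.0","3.0.0.255","not-a-number","50331903","US","United States"
"4.0.0.0","4.0.0.255","67108864"
'''

def validate(row):
    """Return a typed 6-tuple or raise ValueError for a malformed row."""
    if len(row) != 6:
        raise ValueError("expected 6 fields, got %d" % len(row))
    begin_ip, end_ip, begin_num, end_num, code, name = row
    begin, end = int(begin_num), int(end_num)  # ValueError if not numeric
    # The numeric columns must agree with the dotted-quad columns.
    ips = (int(ipaddress.IPv4Address(begin_ip)), int(ipaddress.IPv4Address(end_ip)))
    if ips != (begin, end):
        raise ValueError("ip/num mismatch")
    if begin > end or not (len(code) == 2 and code.isalnum() and code.isupper()):
        raise ValueError("bad range or country code")
    return begin_ip, end_ip, begin, end, code, name

def load(conn, text):
    """Insert valid rows with bound parameters; return (inserted, rejected)."""
    conn.execute("CREATE TABLE IF NOT EXISTS geoip (begin_ip TEXT, end_ip TEXT, "
                 "begin_num INTEGER, end_num INTEGER, code TEXT, name TEXT)")
    good, rejected = [], []
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), 1):
        try:
            good.append(validate(row))
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
    with conn:  # one transaction: commit on success, roll back on error
        conn.executemany(
            "INSERT INTO geoip (begin_ip, end_ip, begin_num, end_num, code, name) "
            "VALUES (?, ?, ?, ?, ?, ?)", good)
    return len(good), rejected

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    print(load(conn, SAMPLE_CSV))
```

The third sample row is stored verbatim as a country name because the driver binds it as data, while the fourth and fifth rows are rejected before they reach the database.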
