[BangPypers] [ANN][X-Post] SciPy India conference in Dec. 2009

Noufal Ibrahim noufal at gmail.com
Sat Oct 10 17:05:24 CEST 2009


On Sat, Oct 10, 2009 at 7:59 PM, Carl Karsten <carl at personnelware.com> wrote:
[..]
> I need to inject...
>
> The line should be:
>
> cursor.execute(query, ('burger', '2009-09-10 12:00:00'))

Ah. Then it's just a case of the API doing the quoting internally
which points to a better API than a better language.

> and to keep it more like the php example:
> cursor.execute(query, (productname, buy_datetime))

Yes. That would be closer.

[..]
> I have done 2 php pages and a bunch of python.  My guess is PHP makes
> it easier to write vulnerable code, but I am really going out on a limb
> here, so I'll not try to support this notion.

Yes. I think so too. However, something being in PHP alone doesn't
disqualify it as a robust and secure product.


-- 
~noufal
http://nibrahim.net.in
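
The difference discussed in this message, as an added example that is not part of the original thread: the same lookup built by string interpolation and by passing the values as a parameter tuple to `execute()`. The `sqlite3` driver (hence `?` placeholders), the `orders` table, its rows and the function names are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; the thread does not show its schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (productname TEXT, buy_datetime TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?)", [
        ("burger", "2009-09-10 12:00:00"),
        ("fries", "2009-09-11 13:30:00"),
        ("o'brien special", "2009-09-12 09:00:00"),
    ])
    return conn

def find_interpolated(conn, productname, buy_datetime):
    # Unsafe: the values become part of the SQL text, so a quote character
    # in either one changes how the statement is parsed.
    query = ("SELECT productname FROM orders "
             "WHERE productname = '%s' AND buy_datetime = '%s'"
             % (productname, buy_datetime))
    return conn.execute(query).fetchall()

def find_bound(conn, productname, buy_datetime):
    # Safe: the SQL text is fixed; the driver binds the tuple as data.
    query = ("SELECT productname FROM orders "
             "WHERE productname = ? AND buy_datetime = ?")
    return conn.execute(query, (productname, buy_datetime)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing a quote
    print("interpolated:", find_interpolated(conn, "burger", hostile))
    print("bound:       ", find_bound(conn, "burger", hostile))
    # Legitimate data with an apostrophe also breaks the interpolated form.
    try:
        find_interpolated(conn, "o'brien special", "2009-09-12 09:00:00")
    except sqlite3.OperationalError as exc:
        print("interpolated, apostrophe in name:", exc)
    print("bound, apostrophe in name:",
          find_bound(conn, "o'brien special", "2009-09-12 09:00:00"))
```

Other DB-API drivers use a different placeholder style (for example `%s`), but the values are still passed as the second argument to `execute()` rather than formatted into the query string.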

