[BangPypers] [ANN][X-Post] SciPy India conference in Dec. 2009
noufal at gmail.com
Sat Oct 10 17:05:24 CEST 2009
On Sat, Oct 10, 2009 at 7:59 PM, Carl Karsten <carl at personnelware.com> wrote:
> I need to inject...
> The line should be:
> cursor.execute(query, ('burger', '2009-09-10 12:00:00'))
Ah. Then it's just a case of the API doing the quoting internally
which points to a better API than a better language.
> and to keep it more like the php example:
> cursor.execute(query, (productname, buy_datetime))
Yes. That would be closer.
> I have done 2 php pages and a bunch of python. My guess is PHP makes
> it easier to write vulnerable code, but I am really going out on a limb
> here, so I'll not try to support this notion.
Yes. I think so too. However, something being in PHP alone doesn't
disqualify it as a robust and secure product.
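
Added example, not part of the original message or either poster's code: the lookup discussed above, built once by string formatting and once with the driver binding the values, using Python's sqlite3 module. The table, column names, sample rows and the `?` placeholder style (sqlite3's; the thread does not name the driver) are assumptions.

```python
import sqlite3

# Constructed sample rows; table and column names are assumptions.
ROWS = [
    ("burger", "2009-09-10 12:00:00"),
    ("pizza", "2009-09-11 13:30:00"),
    ("joe's burger", "2009-09-13 18:00:00"),
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE purchases (productname TEXT, buy_datetime TEXT)")
    conn.executemany("INSERT INTO purchases VALUES (?, ?)", ROWS)
    return conn

def find_formatted(conn, productname, buy_datetime):
    # Weak form: the values become part of the SQL text, so a quote
    # character in the input changes the statement itself.
    query = ("SELECT productname FROM purchases "
             "WHERE productname = '%s' AND buy_datetime = '%s'"
             % (productname, buy_datetime))
    return sorted(row[0] for row in conn.execute(query))

def find_bound(conn, productname, buy_datetime):
    # Form from the thread: the SQL text is fixed and the driver passes
    # the values separately, so they are only ever treated as data.
    query = ("SELECT productname FROM purchases "
             "WHERE productname = ? AND buy_datetime = ?")
    cursor = conn.cursor()
    cursor.execute(query, (productname, buy_datetime))
    return sorted(row[0] for row in cursor.fetchall())

if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1' --"  # constructed input containing a quote
    print("formatted, crafted:", find_formatted(conn, crafted, ""))
    print("bound, crafted:    ", find_bound(conn, crafted, ""))
    # A legitimate value with an apostrophe breaks the formatted query.
    try:
        find_formatted(conn, "joe's burger", "2009-09-13 18:00:00")
    except sqlite3.OperationalError as exc:
        print("formatted, apostrophe:", exc)
    print("bound, apostrophe:", find_bound(conn, "joe's burger", "2009-09-13 18:00:00"))
```
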