[issue11685] possible SQL injection into db APIs via table names... sqlite3
Rene Dudfield
report at bugs.python.org
Sat Mar 26 18:20:31 CET 2011
Rene Dudfield <illume at users.sourceforge.net> added the comment:
The bug in python is that you can not use parameter substitution to put the table names into the queries. So people are forced to use string substitution instead.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue11685>
_______________________________________
More information about the Python-bugs-list
mailing list