[issue11685] possible SQL injection into db APIs via table names... sqlite3

Rene Dudfield report at bugs.python.org
Sun Mar 27 10:19:55 CEST 2011

Rene Dudfield <illume at users.sourceforge.net> added the comment:


aaah, ok.

It seems to require the use of a quote function.  See http://www.sqlite.org/c3ref/mprintf.html  

However python does not seem to expose the function?  I don't see how you can write safe queries using python without it.


Python tracker <report at bugs.python.org>

More information about the Python-bugs-list mailing list