[issue11685] possible SQL injection into db APIs via table names... sqlite3

Martin v. Löwis report at bugs.python.org
Mon Mar 28 23:42:21 CEST 2011


Martin v. Löwis <martin at v.loewis.de> added the comment:

> Aren’t you supposed to use the DB API to get safe queries?
> http://docs.python.org/dev/library/sqlite3

Yes, but the OP complains that the DB API doesn't support specification
of the table name from a parameter. So the DB API won't help here.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue11685>
_______________________________________
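The limitation discussed in this message, as an added example that is not part of the original thread or of the sqlite3 module: a `?` placeholder binds values only, so a table name supplied at runtime has to be checked against the tables that actually exist and quoted as an identifier. The helper names (`quote_identifier`, `existing_tables`, `count_rows`, `make_demo_db`) and the sample tables are hypothetical.

```python
import sqlite3


def quote_identifier(name: str) -> str:
    """Quote an SQLite identifier: wrap in double quotes, double any embedded ones."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'


def existing_tables(conn: sqlite3.Connection) -> set:
    """Allowlist built from the schema itself, using a normal bound-free query."""
    rows = conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'")
    return {row[0] for row in rows}


def count_rows(conn: sqlite3.Connection, table: str) -> int:
    """Count rows in a caller-named table without trusting the name."""
    if table not in existing_tables(conn):
        raise ValueError(f"unknown table: {table!r}")
    # The name is now known to be a real table; quoting keeps odd names intact.
    sql = f"SELECT COUNT(*) FROM {quote_identifier(table)}"
    return conn.execute(sql).fetchone()[0]


def placeholder_for_table_fails(conn: sqlite3.Connection) -> bool:
    """Show that the DB API cannot bind an identifier: SQLite rejects the statement."""
    try:
        conn.execute("SELECT COUNT(*) FROM ?", ("users",))
    except sqlite3.OperationalError:
        return True
    return False


def make_demo_db() -> sqlite3.Connection:
    """Constructed sample database: one ordinary table, one with a quote in its name."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    conn.execute('CREATE TABLE "odd ""name" (x INTEGER)')
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(placeholder_for_table_fails(db), count_rows(db, "users"))
```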

