sql escaping module

Fredrik Lundh fredrik at pythonware.com
Thu Dec 8 07:21:41 CET 2005


David Bear wrote:

> Being new to pgdb, I'm finding there are lot of things I don't understand
> when I read the PEP and the sparse documentation on pgdb.
>
> I was hoping there would be a module that would properly escape longer text
> strings to prevent sql injection -- and other things just make sure the
> python string object ends up being a properly type for postgresql. I've
> bought 3 books on postgresql and none of th code samples demonstrate this.
>
> web searchs for 'python sql escape  string' yeild way too many results.
>
> Any pointers would be greatly appreciated.

for x in range(1000000):
    print "USE PARAMETERS TO PASS VALUES TO THE DATABASE"

</F>






More information about the Python-list mailing list