Diez B. Roggisch deets at
Mon Nov 7 01:53:17 CET 2005

> I hate to ask, but what happens when I enter "a, b, c);DROP DATABASE;" as
> the entry for z_name? (Or some similar attempt to close the
> SQL statement and start a new one). I think you want to google for "SQL
> injection" and think about sanitising user input a bit.

And using the parametrized form of cursor.execute() - which I guess is 
easier to do. But you're right of course, too.



More information about the Python-list mailing list