'ascii' codec can't encode character u'\u2013'
John J. Lee
jjl at pobox.com
Fri Sep 30 16:07:56 EDT 2005
deelan <ggg at zzz.it> writes:
[...]
> query = "UPDATE blogs_news SET text = %s WHERE id=%s"
> cursor.execute(query, (text_extrated, id))
>
> so mysqldb will take care to quote text_extrated automatically. this
> may not not your problem, but it's considered "good style" when dealing
> with dbs.
[...]
More than just good style: it prevents SQL injection attacks that
could otherwise allow people to do bad things to your databases.
John
More information about the Python-list
mailing list