MSSQL LIKE and IN statements in ADO problem

gregarican greg.kujawa at
Wed Jan 18 18:27:13 CET 2006

Steve Holden wrote:

> Now Google for "sql injection vulnerability" and tell us why this is a
> bad idea.

The original poster didn't specify if they were writing
production-level code on in Internet-facing server so I didn't exactly
infer a context. You are correct in your statement. I was just pointing
out how substitutions operate if they were indeed an option.

More information about the Python-list mailing list