Protecting against SQL injection

Fredrik Lundh fredrik at pythonware.com
Tue Oct 24 11:03:12 CEST 2006


Ben Finney wrote:

> More specifically: They've been debugged for just these kinds of
> purposes

in a well-designed database, the SQL parser never sees the parameter values,
so *injection* attacks are simply not possible.

</F> 






More information about the Python-list mailing list