Protecting against SQL injection

Fredrik Lundh fredrik at
Tue Oct 24 11:03:12 CEST 2006

Ben Finney wrote:

> More specifically: They've been debugged for just these kinds of
> purposes

in a well-designed database, the SQL parser never sees the parameter values,
so *injection* attacks are simply not possible.


More information about the Python-list mailing list