Protecting against SQL injection

Paul Rubin http
Tue Oct 24 09:47:55 CEST 2006


Tor Erik Soenvisen <toreriks at hotmail.com> writes:
>         # Protect against SQL injection by escaping quotes

Don't ever do that, safe or not.  Use query parameters instead.
That's what they're for.



More information about the Python-list mailing list