I wish that [].append(x) returned [x]

Joshua J. Kugler joshua at eeinternet.com
Wed May 2 17:45:48 EDT 2007


On Wednesday 02 May 2007 12:05, Tobiah wrote:

> 
>> In addition to the above good advice, in case you are submitting a query
>> to a DB-API compliant SQL database, you should use query parameters
>> instead of building the query with string substitution.
> 
> I tried that a long time ago, but I guess I found it to be
> more awkward.  I imagine that it is quite a bit faster that way?
> I'm using MySQLdb.

The issue is not speed, it's security.  Query parameters are automatically
escaped to prevent SQL injection attacks.

j

-- 
Joshua Kugler
Lead System Admin -- Senior Programmer
http://www.eeinternet.com
PGP Key: http://pgp.mit.edu/  ID 0xDB26D7CE
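
Added example, not part of the original post: string substitution beside query parameters, shown with the standard-library `sqlite3` module (also DB-API compliant) so it runs without a database server. The table, rows and function names are constructed for illustration; `sqlite3` uses `?` placeholders, whereas MySQLdb uses `%s` with the values passed as the second argument to `cursor.execute()`.

```python
import sqlite3


def make_db():
    """Build an in-memory table holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("O'Brien", "ob@example.com")],
    )
    return conn


def find_by_substitution(conn, name):
    """String-built query: the value becomes part of the SQL text itself."""
    sql = "SELECT email FROM users WHERE name = '%s'" % name
    return sorted(row[0] for row in conn.execute(sql))


def find_by_parameter(conn, name):
    """Parameterized query: the value is handed to the driver as data."""
    sql = "SELECT email FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


if __name__ == "__main__":
    conn = make_db()
    # Constructed inputs: a legitimate name with a quote, and a value
    # that changes the WHERE clause when pasted into the SQL text.
    for value in ("alice", "O'Brien", "x' OR '1'='1"):
        try:
            built = find_by_substitution(conn, value)
        except sqlite3.OperationalError as exc:
            built = "error: %s" % exc
        print("%-15r substitution=%s  parameter=%s"
              % (value, built, find_by_parameter(conn, value)))
```

With the parameterized form a name containing a quote is matched as ordinary data, and a value containing SQL syntax matches no row; with string substitution the first breaks the statement and the second returns every row.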
