how to replace and string in a "SELECT ... IN ()"

D'Arcy J.M. Cain darcy at
Fri Sep 26 21:21:58 CEST 2008

On Fri, 26 Sep 2008 14:04:35 -0500
"Michael Mabin" <d3vvnull at> wrote:
> Doesn't it depend on where and why you intend to execute the code?
> Obviously some SQL is more at risk for exploit when the input is from the
> screen on a web page than if you were running parameterized code in a
> controlled batch environment.  Or if you were writing code generators (which
> is what I happen to do) which won't be run by the general public.
> Incidentally, couldn't input field edits prevent such exploits prior to
> interpolation?

I encourage my competitors to program that way.

D'Arcy J.M. Cain <darcy at>
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.
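The pattern the subject line asks about, as an added example that is not from this thread: an `IN (...)` list filled with one placeholder per value and the values passed separately, beside the interpolated form where a value's own quote character lands in the SQL text. It uses Python's standard `sqlite3` module so it runs offline (an assumption, since the thread does not name its database driver) and constructed sample rows.

```python
import sqlite3

# Constructed sample rows for the demonstration (not from the thread).
ROWS = [("O'Brien", 1), ("Smith", 2), ("Cain", 3), ("Mabin", 4)]


def make_db():
    """In-memory table so the example needs no server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT, id INTEGER)")
    conn.executemany("INSERT INTO people VALUES (?, ?)", ROWS)
    return conn


def ids_for_names(conn, names):
    """Parameterized IN list: the SQL text only ever contains placeholders,
    so a quote inside a value is data, not syntax."""
    if not names:
        # IN () is not valid SQL on most engines; short-circuit instead.
        return []
    placeholders = ", ".join("?" * len(names))  # "?, ?, ?"
    sql = f"SELECT id FROM people WHERE name IN ({placeholders}) ORDER BY id"
    return [row[0] for row in conn.execute(sql, tuple(names))]


def ids_for_names_interpolated(conn, names):
    """String interpolation: each value is pasted into the statement, so the
    statement's meaning depends on the value's contents."""
    quoted = ", ".join(f"'{n}'" for n in names)
    sql = f"SELECT id FROM people WHERE name IN ({quoted}) ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def interpolation_fails(conn, names):
    """True when the interpolated statement is not even valid SQL for these
    values (here: a name containing an apostrophe)."""
    try:
        ids_for_names_interpolated(conn, names)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(ids_for_names(db, ["O'Brien", "Cain"]))        # [1, 3]
    print(interpolation_fails(db, ["O'Brien"]))          # True
```

The parameterized version returns the right rows for `O'Brien`; the interpolated version fails on the same input, and a value chosen to keep the statement syntactically valid would instead change what the statement does.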

