Escaping optional parameter in WHERE clause

andrew cooke andrew at acooke.org
Mon Mar 23 13:58:46 CET 2009


note that your version is open to sql injection attacks, while mrab's
reply isn't.  andrew

someone wrote:
>         if mf:
>             mf = " AND mf = %s " % mf
>         if age:
>             age = " AND age = %s " % age

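As an added illustration of the point in this message (not code from the thread, and not mrab's reply): the quoted string-formatting pattern beside a version that binds the values as parameters, using Python's sqlite3 module. The table, its rows and the function names are assumptions made up for this example.

```python
import sqlite3

def make_db():
    """Constructed sample table; names and rows are invented for this example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT, mf TEXT, age INTEGER)")
    db.executemany("INSERT INTO people VALUES (?, ?, ?)",
                   [("ann", "f", 30), ("bob", "m", 30), ("cat", "f", 41)])
    return db

def find_formatted(db, mf=None, age=None):
    """The quoted pattern: values are pasted into the SQL text itself."""
    sql = "SELECT name FROM people WHERE 1=1"
    if mf:
        # quotes added here so a text value parses; the quoted code has none
        sql += " AND mf = '%s' " % mf
    if age:
        sql += " AND age = %s " % age
    return sorted(r[0] for r in db.execute(sql))

def find_bound(db, mf=None, age=None):
    """Same optional filters, but only placeholders go into the SQL text."""
    sql = "SELECT name FROM people WHERE 1=1"
    params = []
    if mf is not None:
        sql += " AND mf = ?"
        params.append(mf)
    if age is not None:
        sql += " AND age = ?"
        params.append(age)
    # the driver passes params separately, so they are never parsed as SQL
    return sorted(r[0] for r in db.execute(sql, params))

if __name__ == "__main__":
    db = make_db()
    hostile_age = "30 OR 1=1"   # constructed input, e.g. from a web form
    print("formatted:", find_formatted(db, age=hostile_age))  # filter bypassed
    print("bound:    ", find_bound(db, age=hostile_age))      # treated as a value
```

With the formatted query the constructed value rewrites the WHERE clause and every row comes back; with bound parameters the same value is compared as data and matches nothing.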



