formating query with empty parameter

Peter Otten __peter__ at web.de
Mon May 25 18:45:26 CEST 2009


Pet wrote:

> On May 25, 2:50 pm, Peter Otten <__pete... at web.de> wrote:

>> cursor.execute(query, *values) # wrong
> 
> as far as I know it is not wrong, at least for pyPgSQL it takes values
> and escapes properly preventing sql injections

If so replace "# wrong" with "# superfluous" ;)

Peter




More information about the Python-list mailing list