formating query with empty parameter

Peter Otten __peter__ at web.de
Mon May 25 12:45:26 EDT 2009 

Pet wrote:

> On May 25, 2:50 pm, Peter Otten <__pete... at web.de> wrote:

>> cursor.execute(query, *values) # wrong
> 
> as far as I know it is not wrong, at least for pyPgSQL it takes values
> and escapes properly preventing sql injections

If so replace "# wrong" with "# superfluous" ;)

Peter

More information about the Python-list mailing list