Sqlite3. Substitution of names in query.
Lawrence D'Oliveiro
ldo at geek-central.gen.new_zealand
Sat Oct 31 04:32:19 EDT 2009
In message <mailman.2357.1256964121.2807.python-list at python.org>, Dennis Lee
Bieber wrote:
> This way regular string interpolation operations (or whatever Python
> 3.x has replaced it with) are safe to construct the SQL, leaving only
> user supplied (or program generated) data values to be passed via the
> DB-API parameter system -- so that they are properly escaped and
> rendered safe.
Mixing the two is another recipe for confusion and mistakes.
More information about the Python-list
mailing list