String substitution VS proper mysql escaping

Νίκος nikos.the.gr33k at gmail.com
Thu Aug 19 09:10:00 CEST 2010


On 18 Αύγ, 12:50, Cameron Simpson <c... at zip.com.au> wrote:

>
> ("nikos",) is a single element tuple.
> ["nikos"] is a single element list.
> ["nikos",] is also a single element list, just written like the tuple.


It makes more sense if i:

"nikos" is just a string
("nikos") is a single element tuple
["nikos"] is also a single element list


After all () used to define tuples and [] usedd to define lists. Why
commas?

Also is there a difference between 'nikos' or "nikos" or '''nikos''' ?
What's and why best to use to enclose strings?

===========================

Why in mysql string substitution example i have to use page='%s' and
in the comma way(automatic mysql converetion i dont need the single
quotes page=%s ?
What is the diff?

===========================

Why http://webville.gr/index.html?page="100 ; DELETE FROM visitors;
SELECT * FROM visitors"

don't reproduce the problem of actual deleting my data to demonstrate
the wrongness of string substitution in mysql queries?

I don't care losing my data! The page is there to helpe me learn
python and mysql.

I just want to see that happening with my own eyes!

Thanks again fols for all your precious help and explanations.



More information about the Python-list mailing list