String substitution VS proper mysql escaping
nikos.the.gr33k at gmail.com
Thu Aug 19 09:10:00 CEST 2010
On 18 Αύγ, 12:50, Cameron Simpson <c... at zip.com.au> wrote:
> ("nikos",) is a single element tuple.
> ["nikos"] is a single element list.
> ["nikos",] is also a single element list, just written like the tuple.
It makes more sense if i:
"nikos" is just a string
("nikos") is a single element tuple
["nikos"] is also a single element list
After all () used to define tuples and  usedd to define lists. Why
Also is there a difference between 'nikos' or "nikos" or '''nikos''' ?
What's and why best to use to enclose strings?
Why in mysql string substitution example i have to use page='%s' and
in the comma way(automatic mysql converetion i dont need the single
quotes page=%s ?
What is the diff?
Why http://webville.gr/index.html?page="100 ; DELETE FROM visitors;
SELECT * FROM visitors"
don't reproduce the problem of actual deleting my data to demonstrate
the wrongness of string substitution in mysql queries?
I don't care losing my data! The page is there to helpe me learn
python and mysql.
I just want to see that happening with my own eyes!
Thanks again fols for all your precious help and explanations.
More information about the Python-list