Steve Holden steve at holdenweb.com
Thu Jan 7 03:43:29 CET 2010

Steve Holden wrote:
> John Machin wrote:
> [...]
>> I note that in the code shown there are examples of building an SQL
>> query where the table name is concocted at runtime via the %
>> operator ... key phrases: "bad database design" (one table per
>> store!), "SQL injection attack"
> I'm not trying to defend the code overall, but most databases won't let
> you parameterize the table or column names, just the data values.
And, apropos of nothing in particular, here's a completely gratuitous
additional chance to tell me off again for spamming the list about a


Steve Holden           +1 571 484 6266   +1 800 494 3119
PyCon is coming! Atlanta, Feb 2010  http://us.pycon.org/
Holden Web LLC                 http://www.holdenweb.com/
UPCOMING EVENTS:        http://holdenweb.eventbrite.com/

More information about the Python-list mailing list