TypeError
Steve Holden
steve at holdenweb.com
Wed Jan 6 21:38:23 EST 2010
John Machin wrote:
[...]
> I note that in the code shown there are examples of building an SQL
> query where the table name is concocted at runtime via the %
> operator ... key phrases: "bad database design" (one table per
> store!), "SQL injection attack"
>
I'm not trying to defend the code overall, but most databases won't let
you parameterize the table or column names, just the data values.
regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
PyCon is coming! Atlanta, Feb 2010 http://us.pycon.org/
Holden Web LLC http://www.holdenweb.com/
UPCOMING EVENTS: http://holdenweb.eventbrite.com/
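The point made in the message above, as an added example that is not part of the original post or the code under discussion: the data value goes through a bound parameter, while the table name, which cannot be bound, is checked against the database's own catalogue before it is placed in the SQL text. It assumes Python's `sqlite3` module; the table names, helper names and rows are constructed for illustration.

```python
import sqlite3

def make_demo_db():
    """Constructed sample data: one table per store, the design criticised above."""
    conn = sqlite3.connect(":memory:")
    for table in ("store_atlanta", "store_boston"):
        conn.execute(f'CREATE TABLE "{table}" (item TEXT, qty INTEGER)')
    conn.execute('INSERT INTO "store_atlanta" VALUES (?, ?)', ("widget", 3))
    conn.execute('INSERT INTO "store_boston" VALUES (?, ?)', ("widget", 7))
    return conn

def known_tables(conn):
    """Allowlist of table names read from the catalogue, never from user input."""
    rows = conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'")
    return {name for (name,) in rows}

def quote_ident(name):
    """Standard SQL identifier quoting: wrap in double quotes, double embedded ones."""
    return '"' + name.replace('"', '""') + '"'

def qty_for_item(conn, table, item):
    """Return the quantity of `item` in store table `table`, or None if absent."""
    # Identifiers cannot be bound parameters, so reject anything that is not
    # an existing table before the name reaches the SQL text.
    if table not in known_tables(conn):
        raise ValueError(f"unknown table: {table!r}")
    # The data value is still passed as a bound parameter, never formatted in.
    sql = f"SELECT qty FROM {quote_ident(table)} WHERE item = ?"
    row = conn.execute(sql, (item,)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_demo_db()
    print(qty_for_item(db, "store_boston", "widget"))
    try:
        qty_for_item(db, "store_atlanta; DROP TABLE store_boston", "widget")
    except ValueError as exc:
        print("rejected:", exc)
```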