Another MySQL Problem

Stephen Hansen ixokai at ixokai.io
Wed Jun 23 14:41:03 EDT 2010


On Jun 23, 2010, at 11:20 AM, Victor Subervi <victorsubervi at gmail.com>
wrote:

On Wed, Jun 23, 2010 at 12:51 PM, Stephen Hansen <ixokai at ixokai.io> wrote:

> The problem is not this line but:
>
>   File "/var/www/html/globalsolutionsgroup.vi/mailSpreadsheet.py", line 38, in mailSpreadsheet
>     cursor.execute('select * from %s', (client,))
>
> This one.
>

Yes, can't use the comma, must use the percent. Will be the death of me.


No, it is really --- never use the percent, always use the comma, redesign
your table layout so percent is unneeded. Fold all the properties tables
into one.

The above with a percent is a security risk. The code is vulnerable to
attack. Considering said vulnerability is now published online-- what can be
attacked will be attacked :)

--Stephen via iPad
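
The percent-versus-comma difference discussed in this thread, as an added example that is not part of the original messages. It assumes Python's built-in sqlite3 (placeholder `?`) standing in for MySQLdb (placeholder `%s`); the schema, table names and rows are constructed.

```python
import sqlite3

def build_db():
    """Constructed sample data (assumed schema, not from the thread)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        -- Old layout: one table per client, so the table name is user-driven.
        CREATE TABLE acme (address TEXT);
        INSERT INTO acme VALUES ('1 Main St'), ('9 Elm Rd');
        -- Folded layout: one table, the client is an ordinary column value.
        CREATE TABLE properties (client TEXT, address TEXT);
        INSERT INTO properties VALUES
            ('acme', '1 Main St'), ('acme', '9 Elm Rd'), ('globex', '5 Bay Ave');
        -- An unrelated table that a client name must never be able to reach.
        CREATE TABLE users (name TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('admin', 'constructed-hash');
    """)
    return db

def rows_percent(db, client):
    # The percent: client becomes part of the SQL text itself.
    return db.execute("select * from %s" % client).fetchall()

def bind_table_name_fails(db, client):
    # The comma cannot bind an identifier: placeholders stand for values only.
    try:
        db.execute("select * from ?", (client,))
    except sqlite3.OperationalError:
        return True
    return False

def rows_comma(db, client):
    # The comma with the folded layout: client is bound as data by the driver.
    sql = "select address from properties where client = ? order by address"
    return db.execute(sql, (client,)).fetchall()

if __name__ == "__main__":
    db = build_db()
    print(rows_percent(db, "acme"))   # intended use
    print(rows_percent(db, "users"))  # same code path, different table
    print(bind_table_name_fails(db, "acme"))
    print(rows_comma(db, "acme"))
    print(rows_comma(db, "users"))    # treated as a client name: no rows
```

With the folded layout, a client value that happens to name another table is only compared against the `client` column, so it returns nothing instead of that table's contents.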