MySQLdb not allowing hyphen

Emeka emekamicro at gmail.com
Sun Feb 5 17:41:24 EST 2012


Hello All,

I noticed that MySQLdb not allowing hyphen may be way to prevent injection
attack.
I have something like below:

"insert into reviews(message, title)values('%s', '%s')" %( "We don't know
where to go","We can't wait till morrow" )

ProgrammingError(1064, "You have an error in your SQL syntax; check
the manual that corresponds to your MySQL server version for the right
syntax to use near 't know where to go.

How do I work around this error?

Regards,
Emeka
-- 
*Satajanus  Nig. Ltd


*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20120206/e9dfbc25/attachment.html>


More information about the Python-list mailing list