[Tutor] Handling MySQLdb exceptions
Kent Johnson
kent37 at tds.net
Wed Dec 19 20:39:06 CET 2007
Paul Schewietzek wrote:
> Just so you don't need to wonder: The .csv-file I give to the script for
> testing is absolutely OK.
Except that it contains data that the insert statement doesn't
like...does it contain any blank lines? Printing 'line' in the exception
handler would be useful.
Also this code is vulnerable to SQL injection attacks, if you don't
trust the source of the input file you should not use this. For example
if the file contained a line like
titel, vorname, nachname, strasse, hausnummer, plz, ort,
rufnummer,datum); delete from pool; --
that would be bad.
More information about the Tutor
mailing list