[Tutor] Updating MySQL Database
christopher.henk at allisontransmission.com
christopher.henk at allisontransmission.com
Wed Oct 10 20:59:02 CEST 2007
That Slashdot comment makes so much more sense now.
Chris Henk
Allison Transmission
phone: 317.242.2569
cell: 765.337.8769
fax: 317.242.3469
e-mail: christopher.henk at allisontransmission.com
Kent Johnson <kent37 at tds.net>
Sent by: tutor-bounces at python.org
10/10/2007 08:52 AM
To
Python Tutorlist <tutor at python.org>
cc
Subject
Re: [Tutor] Updating MySQL Database
Kent Johnson wrote:
> It
> also looks like you are embedding the data in the SQL command, this is
> very bad practice, it opens you to SQL injection attacks
For a humorous explanation of why you don't want to directly embed data
into SQL commands, see today's xkcd:
http://xkcd.com/327/
Kent
_______________________________________________
Tutor maillist - Tutor at python.org
http://mail.python.org/mailman/listinfo/tutor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/tutor/attachments/20071010/aeaf20e3/attachment.htm
More information about the Tutor
mailing list