[Tutor] preventing SQL injection

johnf jfabiani at yolo.com
Fri Jan 11 19:28:59 CET 2008


On Friday 11 January 2008 10:20:13 am Alan Gauld wrote:
> "johnf" <jfabiani at yolo.com> wrote
>
> > and should be doing
> > tempCursor.execute ( "Select pg_get_serial_sequence ( %s, %s ) as
> > seq", ( 'public.arcust', 'pkid' ) )
> >
> > which prevented SQL injection.
>
> The syntax of the execute statement varies by database
> Which DB are you using? For example SQLite uses ?
> instead of %s indicators.
>
> Could that be the issue? Have you checked the DB-API
> guide for your database?
>
> HTH,

all's working now - thanks

-- 
John Fabiani
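The point Alan raises, that the placeholder token is set by the driver's DB-API paramstyle and that the parameters tuple is what keeps user data out of the SQL text, is shown below in an added example that is not from this thread. It uses the standard-library sqlite3 module instead of John's PostgreSQL driver so that it runs offline; the table name arcust is borrowed from the quoted query, the rows are constructed sample data, and the SimpleNamespace standing in for a psycopg2-style module with paramstyle 'pyformat' is an assumption.

```python
"""Parameterised queries under different DB-API (PEP 249) paramstyles."""
import sqlite3
import types

# Positional placeholder token expected for each paramstyle name.
# sqlite3 reports 'qmark' (uses ?); PostgreSQL drivers such as psycopg2
# report 'pyformat' or 'format' (use %s). Named styles are left out here.
PLACEHOLDERS = {"qmark": "?", "format": "%s", "pyformat": "%s"}


def placeholder_for(module):
    """Return the placeholder token for a DB-API module, based on its paramstyle."""
    try:
        return PLACEHOLDERS[module.paramstyle]
    except KeyError:
        raise ValueError("unsupported paramstyle: %r" % (module.paramstyle,))


def make_db():
    """Constructed in-memory sample table; a stand-in for the poster's PostgreSQL data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE arcust (pkid INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO arcust (name) VALUES (?)",
                     [("Alice",), ("O'Brien",)])
    return conn


def find_unsafe(conn, name):
    """Vulnerable form: the value is spliced into the SQL text, so any quote
    character in it is parsed as part of the statement rather than as data."""
    sql = "SELECT pkid FROM arcust WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def find_safe(conn, name, module=sqlite3):
    """Parameterised form: only the driver's placeholder token goes into the SQL
    text; the value travels in the parameters tuple and is never parsed as SQL."""
    sql = "SELECT pkid FROM arcust WHERE name = %s" % placeholder_for(module)
    return [row[0] for row in conn.execute(sql, (name,))]


def demo():
    """Run both forms against the sample data and record what each does."""
    conn = make_db()
    results = {}
    results["placeholder"] = placeholder_for(sqlite3)
    # Assumed stand-in for a PostgreSQL DB-API module (psycopg2 reports 'pyformat').
    results["pg_placeholder"] = placeholder_for(
        types.SimpleNamespace(paramstyle="pyformat"))

    results["safe_plain"] = find_safe(conn, "Alice")
    # A name containing a quote is matched literally when parameterised.
    results["safe_quote"] = find_safe(conn, "O'Brien")

    # The same value breaks the string-formatted statement: the quote ends the
    # literal early and the rest is read as SQL. Here that is a syntax error;
    # with other inputs it would silently change the query.
    try:
        find_unsafe(conn, "O'Brien")
        results["unsafe_quote"] = "accepted"
    except sqlite3.Error:
        results["unsafe_quote"] = "rejected"

    # Using the PostgreSQL-style %s token against sqlite3 is refused by the
    # driver before any parameter is bound: the paramstyle mismatch Alan asks about.
    try:
        conn.execute("SELECT pkid FROM arcust WHERE name = %s", ("Alice",))
        results["wrong_style"] = "accepted"
    except sqlite3.Error:
        results["wrong_style"] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-14s %s" % (key, value))
```

Note that `placeholder_for` formats only the placeholder token into the SQL string, never the value; the value always goes in the second argument to `execute`, which is the whole of the injection defence regardless of which driver is in use.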
