[Tutor] preventing SQL injection
jfabiani at yolo.com
Fri Jan 11 19:28:59 CET 2008
On Friday 11 January 2008 10:20:13 am Alan Gauld wrote:
> "johnf" <jfabiani at yolo.com> wrote
> > and should be doing
> > tempCursor.execute("Select pg_get_serial_sequence(%s, %s) as seq", ('public.arcust', 'pkid'))
> > which prevented SQL injection.
> The syntax of the execute statement varies by database.
> Which DB are you using? For example, SQLite uses ?
> instead of %s indicators.
> Could that be the issue? Have you checked the DB-API
> guide for your database?
All's working now - thanks
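
Added example, not part of the original thread: the point discussed above (bound parameters, and placeholder markers that differ per DB-API driver) shown with Python's standard `sqlite3` module. The helper names, the sample rows and the hostile input string are constructed for illustration; only the table name `arcust` is borrowed from the thread.

```python
import sqlite3

# Placeholder marker for each positional DB-API paramstyle (PEP 249).
# sqlite3 reports "qmark" (?); the %s form in the thread is "format".
_POSITIONAL = {"qmark": "?", "format": "%s"}


def marker(paramstyle, index):
    """Return the index-th (1-based) positional placeholder for a driver."""
    if paramstyle == "numeric":
        return f":{index}"
    try:
        return _POSITIONAL[paramstyle]
    except KeyError:
        raise ValueError(f"not a positional paramstyle: {paramstyle}")


def make_db():
    # Constructed sample data in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE arcust (pkid INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO arcust (name) VALUES (?)",
                     [("alice",), ("bob",)])
    return conn


def find_unsafe(conn, name):
    # Vulnerable: the value is spliced into the SQL text itself,
    # so quote characters in it change the statement's structure.
    sql = "SELECT pkid FROM arcust WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def find_bound(conn, name, paramstyle=sqlite3.paramstyle):
    # Safe: the SQL text is fixed and the driver binds the value separately,
    # so the input is only ever compared as a string.
    sql = f"SELECT pkid FROM arcust WHERE name = {marker(paramstyle, 1)}"
    return conn.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    hostile = "x' OR '1'='1"  # constructed input
    print("string-built:", find_unsafe(conn, hostile))
    print("bound:       ", find_bound(conn, hostile))
    print("bound, bob:  ", find_bound(conn, "bob"))
```

Note that in `find_unsafe` the `%` is Python string formatting applied before the driver sees the query, whereas a `%s` passed inside the SQL with a separate parameter tuple is a driver placeholder; the two look alike but only the second is bound.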