[Tutor] Overriding MySQLdb.cursors.DictCursor.execute()

Tim Johnson tim at johnsons-web.com
Sat Aug 8 17:38:23 CEST 2009


* Kent Johnson <kent37 at tds.net> [090808 05:06]:
> On Fri, Aug 7, 2009 at 10:18 PM, Tim Johnson<tim at johnsons-web.com> wrote:
> 
> If you use the two argument form of cursor.execute - passing the
> parameter values in a sequence, rather than substituting them yourself
> - then you have to worry about injection attacks. The DB-API module
> should take care of any required escaping.
 
   Oh! Good to hear. Never use the two argument form.
> 
> You have to explicitly import subpackages. Try
> import MySQLdb.cursors
  Understood. And now probably not necessary.
  thanks
-- 
Tim 
tim at johnsons-web.com
http://www.akwebsoft.com
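
Added example, not part of the original messages: a comparison of building the SQL string yourself with the two-argument form of execute() discussed above, where the values travel as a separate sequence. It assumes the standard-library sqlite3 module as a stand-in so it runs offline (its placeholder is ?, where MySQLdb uses %s with the same execute(sql, params) call shape); the table and rows are constructed sample data.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row  # rows addressable by column name
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("O'Brien", "obrien@example.test")],
    )
    return conn

def find_interpolated(conn, name):
    """One-argument form: the caller substitutes the value into the SQL text."""
    sql = "SELECT name FROM users WHERE name = '%s' ORDER BY name" % name
    return [row["name"] for row in conn.execute(sql)]

def find_parameterized(conn, name):
    """Two-argument form: the value is handed to the driver as data."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row["name"] for row in conn.execute(sql, (name,))]

def compare(name):
    """Return (interpolated result or None on SQL error, parameterized result)."""
    conn = make_db()
    try:
        try:
            interpolated = find_interpolated(conn, name)
        except sqlite3.Error:
            interpolated = None  # the value broke the statement's syntax
        return interpolated, find_parameterized(conn, name)
    finally:
        conn.close()

if __name__ == "__main__":
    # A plain value, a value that changes the WHERE clause, and a legitimate
    # name containing a quote character.
    for value in ("alice", "x' OR '1'='1", "O'Brien"):
        print(repr(value), "->", compare(value))
```

With the interpolated query, the second value matches every row and the third fails to parse; with the two-argument form, each value is compared literally against the name column.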

