[Tutor] Overriding MySQLdb.cursors.DictCursor.execute()
Tim Johnson
tim at johnsons-web.com
Sat Aug 8 17:38:23 CEST 2009
* Kent Johnson <kent37 at tds.net> [090808 05:06]:
> On Fri, Aug 7, 2009 at 10:18 PM, Tim Johnson<tim at johnsons-web.com> wrote:
>
> If you use the two argument form of cursor.execute - passing the
> parameter values in a sequence, rather than substituting them yourself
> - then you have to worry about injection attacks. The DB-API module
> should take care of any required escaping.
Oh! Good to hear. Never use the two argument form.
>
> You have to explicitly import subpackages. Try
> import MySQLdb.cursors
Understood. And now probably not necessary.
thanks
--
Tim
tim at johnsons-web.com
http://www.akwebsoft.com
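
The two calling forms of `cursor.execute()` discussed in this thread, shown side by side as an added example that is not part of either poster's message. It uses the standard-library `sqlite3` module as a stand-in so it runs without a MySQL server; with MySQLdb the call has the same shape but the placeholder is `%s` instead of `?`. The table, rows and input strings are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory table holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [
            ("alice", "alice@example.com"),
            ("bob", "bob@example.com"),
            ("o'brien", "obrien@example.com"),
        ],
    )
    return conn


def lookup_substituted(conn, name):
    """One-argument form: the caller pastes the value into the SQL text."""
    sql = "SELECT email FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    """Two-argument form: the value is passed separately from the SQL text."""
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


# Constructed input: a quote followed by SQL keywords.
HOSTILE = "nobody' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    # Substitution lets the input rewrite the WHERE clause: every row matches.
    print("substituted  :", lookup_substituted(conn, HOSTILE))
    # Bound as a parameter, the same input is only a name that matches nothing.
    print("parameterized:", lookup_parameterized(conn, HOSTILE))
    # Legitimate data containing a quote works when bound as a parameter...
    print("o'brien      :", lookup_parameterized(conn, "o'brien"))
    # ...but breaks the hand-built statement with a syntax error.
    try:
        lookup_substituted(conn, "o'brien")
    except sqlite3.OperationalError as exc:
        print("substituted o'brien failed:", exc)
```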