thanx.....

On Mon, Dec 21, 2015 at 8:33 PM, 'Alex Martelli' via Google App Engine <[email protected]> wrote:

> In GQL just as in most every other SQL-like language, it's a serious
> mistake to use string formatting (as you're doing) instead of query
> parameters. Not only can you get the query syntax wrong, you're opening
> yourself to the security problems known as "SQL injection" -- see
> https://xkcd.com/327/ .
>
> Just use query parameters as normal (and, it's truly peculiar to use
> semicolons in Python):
>
> querystring = 'select * from Post where Post.content = :1 order by created desc'
> posts = db.GqlQuery(querystring, 'testing')
>
> Alex
>
> On Mon, Dec 21, 2015 at 6:20 AM, SHIVAM JINDAL <[email protected]> wrote:
>
>> class Profile(BlogHandler):
>>     def get(self,user_name):
>>         self.response.out.write(user_name);
>>         querystring = 'select * from Post where Post.content = %s order by created desc' %'testting';
>>         posts = greetings = db.GqlQuery(querystring);
>>         self.render('profile.html', posts = posts)
>>
>> invalid where condition at symbol testting
>>
>> If I remove the where condition it works properly.
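Added example, not part of the thread: the three ways of building the query discussed above, run side by side. The App Engine SDK is not assumed to be installed, so Python's sqlite3 stands in for the datastore (its placeholder is `?` where GQL uses `:1`); the table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data; sqlite3 stands in for the datastore."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Post (content TEXT, created INTEGER)")
    conn.executemany("INSERT INTO Post VALUES (?, ?)",
                     [("testing", 1), ("draft: private", 2), ("it's done", 3)])
    return conn

def find_formatted(conn, content):
    # The thread's pattern: the value is pasted into the query text unquoted,
    # so the parser sees a bare symbol instead of a string literal.
    query = "SELECT content FROM Post WHERE content = %s ORDER BY created DESC" % content
    return [r[0] for r in conn.execute(query)]

def find_hand_quoted(conn, content):
    # The tempting repair: add the quotes by hand. The value is still parsed
    # as query text, so a quote inside it changes the query's structure.
    query = "SELECT content FROM Post WHERE content = '%s' ORDER BY created DESC" % content
    return [r[0] for r in conn.execute(query)]

def find_parameterized(conn, content):
    # Bound parameter: the value is sent separately and is only ever data.
    query = "SELECT content FROM Post WHERE content = ? ORDER BY created DESC"
    return [r[0] for r in conn.execute(query, (content,))]

def outcome(fn, conn, content):
    """Return the matching rows, or the parser's error as a string."""
    try:
        return fn(conn, content)
    except sqlite3.Error as exc:
        return "error: %s" % exc

if __name__ == "__main__":
    conn = make_db()
    for fn in (find_formatted, find_hand_quoted, find_parameterized):
        for value in ("testing", "it's done", "x' OR '1'='1"):
            print(fn.__name__, repr(value), "->", outcome(fn, conn, value))
```

Only the parameterized form returns the right rows for all three inputs: the formatted form fails to parse, and the hand-quoted form either fails on an apostrophe or returns every row.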
