On Tuesday 24 January 2006 02:13, Nathaniel Smith wrote:
> The new API is like:
> execute(query("DELETE FROM my_table WHERE attr = ?") % blob(foo));

Is there some code somewhere that escapes single-quotes? I've seen too many
bugs in other systems where the code sets up a query like
"SELECT stuff FROM my_table WHERE surname = '?' "
and then some other code substitutes in "O'Toole" instead of "O''Toole".
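
The difference between the two query styles in this exchange, as an added example that is not part of the original message and not monotone's code: it uses Python's sqlite3 module to compare pasting "O'Toole" into a quoted '?' with binding it to an unquoted ?. The table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample table and rows, for illustration only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE my_table (surname TEXT, stuff TEXT)")
    db.executemany("INSERT INTO my_table VALUES (?, ?)",
                   [("O'Toole", "a"), ("Smith", "b")])
    return db

def lookup_by_substitution(db, surname):
    # The pattern from the message: the value is pasted between the quotes
    # as text, so it becomes part of the SQL that the parser sees.
    sql = "SELECT stuff FROM my_table WHERE surname = '?'".replace("?", surname)
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.OperationalError as exc:
        return "error: %s" % exc

def lookup_by_binding(db, surname):
    # Unquoted placeholder: the value is handed to the engine separately
    # from the SQL text, so no quote doubling is needed.
    sql = "SELECT stuff FROM my_table WHERE surname = ?"
    return [row[0] for row in db.execute(sql, (surname,))]

def quoted_placeholder_is_literal(db):
    # Inside quotes, ? is a one-character string, not a parameter, so the
    # statement has zero parameters and supplying one is rejected.
    try:
        db.execute("SELECT stuff FROM my_table WHERE surname = '?'",
                   ("O'Toole",))
    except sqlite3.ProgrammingError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print(lookup_by_substitution(db, "O'Toole"))   # unescaped quote breaks the SQL
    print(lookup_by_substitution(db, "O''Toole"))  # works only if the caller doubled it
    print(lookup_by_binding(db, "O'Toole"))        # works with the raw value
    print(quoted_placeholder_is_literal(db))
```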