I laugh in the face of danger. Give me a use case for an exploit.
On Fri, Sep 26, 2008 at 8:05 AM, Tino Wildenhain <[EMAIL PROTECTED]> wrote:

> Michael Mabin wrote:
>
>> cursor.execute("""
>> SELECT titem.object_id, titem.tag_id
>> FROM tagging_taggeditem titem
>> WHERE titem.object_id IN (%s)
>> """ % ','.join([str(x) for x in [1,5,9]]))
>>
>
> Nope. That would be dangerous! -> google for SQL injection
>
> Tino
>

--
| _ | * | _ |
| _ | _ | * |
| * | * | * |
-- http://mail.python.org/mailman/listinfo/python-list
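
Added example, not part of the original thread: the quoted query run against an in-memory SQLite table, once with the values joined into the SQL text as in the post and once with only the placeholders formatted in and the values bound separately. The sample rows, the helper names, the added ORDER BY and the string element in the second list are constructed for illustration; sqlite3 uses `?` placeholders, while other DB-API drivers may use `%s`.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the thread's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tagging_taggeditem (object_id INTEGER, tag_id INTEGER)")
    db.executemany("INSERT INTO tagging_taggeditem VALUES (?, ?)",
                   [(1, 10), (2, 20), (5, 50), (9, 90), (12, 120)])
    return db

QUERY = """
    SELECT titem.object_id, titem.tag_id
    FROM tagging_taggeditem titem
    WHERE titem.object_id IN (%s)
    ORDER BY titem.object_id
"""

def fetch_interpolated(db, ids):
    # Pattern from the thread: the values become part of the SQL text itself.
    return db.execute(QUERY % ",".join([str(x) for x in ids])).fetchall()

def fetch_parameterized(db, ids):
    # Only the placeholder list is formatted in; the values are bound separately.
    ids = list(ids)
    if not ids:
        return []  # "IN ()" is a syntax error, so short-circuit
    placeholders = ",".join("?" * len(ids))
    return db.execute(QUERY % placeholders, ids).fetchall()

if __name__ == "__main__":
    db = make_db()
    # With literal integers both forms return the same three rows.
    print(fetch_interpolated(db, [1, 5, 9]))
    print(fetch_parameterized(db, [1, 5, 9]))
    # Constructed input: one element of the list arrives as an unvalidated string.
    untrusted = [1, "0) OR (1=1"]
    print(fetch_interpolated(db, untrusted))   # the WHERE clause is rewritten
    print(fetch_parameterized(db, untrusted))  # the string is compared as data
```

With the hard-coded `[1,5,9]` the two forms behave identically; they diverge only once an element of the list comes from outside the program.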