In message <mailman.867.1243574504.8015.python-l...@python.org>, Dennis Lee 
Bieber wrote:

> On Thu, 28 May 2009 20:57:13 +1200, Lawrence D'Oliveiro
> <l...@geek-central.gen.new_zealand> declaimed the following in
> gmane.comp.python.general:
> 
>>> 
>>>    >>> db.literal((... "%wildcard%" ...))
>>>    (... "'%wildcard%'" ...)
>> 
>> Doesn't look like it worked, does it?
> 
> If the problem is that you have /user/ input that may have a % sign
> that should NOT be treated as a wildcard, the solution is to train said
> user...

Sounds like a good solution to SQL-injection vulnerabilities, isn't it? 
Wonder why no-one thought of that before?

-- 
http://mail.python.org/mailman/listinfo/python-list
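An added example, not part of the original thread or of MySQLdb: quoting a value as a literal and neutralising `%`/`_` inside a `LIKE` pattern are separate steps, and both can be done in code. It assumes the standard-library `sqlite3` module as a stand-in driver so it runs offline; `escape_like`, `find_containing`, `demo_db` and the sample rows are constructed for illustration.

```python
import sqlite3

ESC = "\\"  # the character named in the ESCAPE clause below


def escape_like(term, esc=ESC):
    """Make %, _ and the escape character itself literal inside a LIKE pattern."""
    # Escape the escape character first so the later replacements are not doubled.
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def find_containing(conn, user_input, escape=True):
    """Substring search. The value is always bound as a parameter, so quotes in
    it are handled by the driver; escape=False shows the wildcard problem only."""
    term = escape_like(user_input) if escape else user_input
    pattern = "%" + term + "%"  # the only wildcards are the ones the code adds
    rows = conn.execute(
        "SELECT name FROM items WHERE name LIKE ? ESCAPE '\\' ORDER BY id",
        (pattern,),
    )
    return [r[0] for r in rows]


def demo_db():
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO items (name) VALUES (?)",
        [("100% cotton",), ("100 percent wool",), ("a_b",), ("axb",),
         ("it's 50% off",)],
    )
    return conn


if __name__ == "__main__":
    db = demo_db()
    for text in ("100%", "a_b", "it's"):
        print(repr(text), find_containing(db, text, escape=False),
              find_containing(db, text))
```
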
