On Tue, 18 Dec 2012, Tom Borkin wrote:
Hi;
I have this test code:
if i_id == "1186":
sql = 'insert into interactions values(Null, %s, "Call Back", "%s")' %
(i_id, date_plus_2)
cursor.execute(sql)
db.commit()
print sql
It prints the sql statement, but it doesn't execute. If I copy and paste the
sql into the mysql command line it does execute without warnings or errors.
What gives?
Does date_plus_2 contain
"Robert"); DROP TABLE interactions; --
By any chance?
-W
--
http://mail.python.org/mailman/listinfo/python-list