On 11/10/2016 06:15 AM, Dennis Lee Bieber wrote: > On Wed, 9 Nov 2016 21:05:50 -0800 (PST), sudeeratechn...@gmail.com > declaimed the following: > >> >> sql = "insert into beacon VALUES(null, '%s')" % \ >> (beacon) >> > DON'T DO THAT...
Wouldn't hurt to include a brief why on this, and the right way to do this. The why is, of course, that this operation is vulnerable to SQL injection. This should be avoided as a matter of practice, even if you're not taking input from anyone but yourself. The correct way to do this is to use a prepared statement. And of course the relevant xkcd is: https://xkcd.com/327/ -- https://mail.python.org/mailman/listinfo/python-list
