Tomy Novella wrote:
adding slashes? something like addslashes() in PHP -> i.e. protection against injections...
If we're talking about SQL injection, the typical solution is that you don't construct the SQL query yourself by concatenating strings, but use prepared statements instead. It looks roughly like this (beware that different Python DBAPIs use different metacharacters in place of "?", see the documentation):
cursor.execute("SELECT foo FROM bar WHERE baz = ? LIMIT 1",
("event_name", ))
Have a nice day,
-jkt
--
cd /local/pub && more beer > /dev/mouth
_______________________________________________ Python mailing list [email protected] http://www.py.cz/mailman/listinfo/python
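Added example, not part of the original message: the string-concatenation query next to the bound-parameter form from the reply, run against an in-memory sqlite3 database. The table `bar` and columns `foo`/`baz` come from the message; the helper names, the sample rows and the placeholder lookup by `paramstyle` are assumptions made for this illustration.

```python
import sqlite3

# Positional placeholders per DB-API 2.0 (PEP 249) paramstyle.
# sqlite3 reports "qmark"; other drivers may report "format" or "numeric".
POSITIONAL = {"qmark": "?", "format": "%s", "numeric": ":1"}


def make_db():
    """Build a constructed sample table matching the query in the message."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bar (foo TEXT, baz TEXT)")
    conn.executemany(
        "INSERT INTO bar (foo, baz) VALUES (?, ?)",
        [("first", "event_name"), ("second", "other_event"), ("third", "jkt's party")],
    )
    return conn


def lookup_concat(conn, baz):
    """Query built by string concatenation: the value becomes SQL text."""
    sql = "SELECT foo FROM bar WHERE baz = '" + baz + "' LIMIT 1"
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, baz):
    """Query with a bound parameter: the value is never parsed as SQL."""
    marker = POSITIONAL[sqlite3.paramstyle]
    sql = "SELECT foo FROM bar WHERE baz = " + marker + " LIMIT 1"
    return [row[0] for row in conn.execute(sql, (baz,))]


if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("bound, normal value: ", lookup_bound(conn, "event_name"))
    print("bound, crafted value:", lookup_bound(conn, crafted))
    print("concat, crafted value:", lookup_concat(conn, crafted))
    # A legitimate value with an apostrophe also breaks the concatenated form.
    print("bound, apostrophe:   ", lookup_bound(conn, "jkt's party"))
    try:
        lookup_concat(conn, "jkt's party")
    except sqlite3.OperationalError as exc:
        print("concat, apostrophe:   OperationalError:", exc)
```

With the bound parameter the crafted string is compared as a plain value and matches nothing, while the concatenated query returns a row it should not and fails outright on an ordinary apostrophe.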
