On Wed, Oct 29, 2008 at 8:45 AM, Oleg Broytmann <[EMAIL PROTECTED]> wrote:
> On Wed, Oct 29, 2008 at 08:07:14AM -0700, Matt Richardson wrote:
>> If I want to quote an sql statement to escape any injection badness,
>> is this the proper way to do it?
>
> There is no, unfortunately.
>
>> quoted_par
On Wed, Oct 29, 2008 at 08:07:14AM -0700, Matt Richardson wrote:
> If I want to quote an sql statement to escape any injection badness,
> is this the proper way to do it?

There is no, unfortunately.

> quoted_param = CheckInRecord.sqlrepr(alert_param)

sqlrepr is used to convert Python data
If I want to quote an sql statement to escape any injection badness,
is this the proper way to do it?
alert_param = "check_in_record.%s + interval 3 day < now() " % "somecolumn"
quoted_param = CheckInRecord.sqlrepr(alert_param)
results = CheckInRecord.select(quoted_param)
I saw the mention of it
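
An added example, not part of the original thread and not SQLObject code: it shows why quoting a whole SQL condition as if it were a value cannot make it safe, and the usual alternative of allowlisting the column name and binding the value. It assumes the standard-library sqlite3 module as the database; `quote_literal` is a hypothetical stand-in for value quoting, and the table contents, column names and `ALLOWED_COLUMNS` are constructed for the example.

```python
import sqlite3

# Assumed allowlist: the only columns a caller may filter on (hypothetical names).
ALLOWED_COLUMNS = {"checked_in", "checked_out"}

def quote_literal(value):
    """Stand-in for value quoting: render a Python str as a SQL string literal."""
    return "'" + value.replace("'", "''") + "'"

def make_db():
    """Constructed sample table; dates are ISO strings, so text comparison orders them."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE check_in_record (id INTEGER, checked_in TEXT, checked_out TEXT)")
    conn.executemany(
        "INSERT INTO check_in_record VALUES (?, ?, ?)",
        [(1, "2008-10-20", "2008-10-21"), (2, "2008-10-28", "2008-10-29")])
    return conn

def ids_with_quoted_fragment(conn, column, cutoff):
    """Quote the whole condition: the database sees one string constant, not a comparison."""
    fragment = "%s < %s" % (column, quote_literal(cutoff))
    sql = "SELECT id FROM check_in_record WHERE " + quote_literal(fragment)
    return [row[0] for row in conn.execute(sql)]

def ids_before(conn, column, cutoff):
    """Check the identifier against the allowlist, then bind the value as a parameter."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError("unexpected column name: %r" % (column,))
    sql = 'SELECT id FROM check_in_record WHERE "%s" < ? ORDER BY id' % column
    return [row[0] for row in conn.execute(sql, (cutoff,))]

if __name__ == "__main__":
    db = make_db()
    # The quoted fragment is a constant string, which SQLite treats as false.
    print(ids_with_quoted_fragment(db, "checked_in", "2008-10-26"))
    # The allowlisted column with a bound value is evaluated as a real comparison.
    print(ids_before(db, "checked_in", "2008-10-26"))
```

Value quoting protects data, not SQL structure, so the column name has to be validated separately from the values that are bound.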