On 18.06.2007 at 22:10, Ken Winter <[EMAIL PROTECTED]> wrote:
Thanks Charlie & Jim ~
SQL injection is a new one on me, and I'm glad to learn about it now
(painlessly) rather than later (painfully).
Preventing SQL injection for non-savvy users (and letting them learn about
it later when t
Thanks Charlie & Jim ~
SQL injection is a new one on me, and I'm glad to learn about it now
(painlessly) rather than later (painfully).
~ Ken
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 18, 2007 10:03 AM
> To: Ken Winter
> Cc: 'Zope-DB L
> -Original Message-
> From: Maciej Wisniowski [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 18, 2007 1:34 AM
> To: Ken Winter
> Cc: 'Zope-DB List'
> Subject: Re: [Zope-DB] Using s in ZSQL methods?
>
>
> > I tried to invoke the "query" method of my adapter (which is named
> > "dhatabase"
On 18.06.2007 at 16:03, <[EMAIL PROTECTED]> wrote:
There are no pros and cons. Only cons.
This is generally right, unless you use .execute(statement, (paras,)) on
the DA like you can with the mxODBC Zope DA. Although admittedly this is
currently only available for ExternalMethods. Addi
>
> I also have a broader question: When one is composing dynamic SQL in Python
> scripts, what are the pros and cons of executing them by going directly to
> the database adapter (as suggested above) vs passing it in as the sole
> argument of an "empty" ZSQL method? By "empty" ZSQL method I me