If I want to quote an SQL statement to escape any injection badness,
is this the proper way to do it?

alert_param = "check_in_record.%s + interval 3 day < now() " % "somecolumn"
quoted_param = CheckInRecord.sqlrepr(alert_param)

results = CheckInRecord.select(quoted_param)

I saw the mention of it in the documentation on the website, but
wasn't clear on proper use.

thanks,

-- 
Matt

_______________________________________________
sqlobject-discuss mailing list
sqlobject-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlobject-discuss
