On Wed, Oct 29, 2008 at 08:07:14AM -0700, Matt Richardson wrote:
> If I want to quote an sql statement to escape any injection badness,
> is this the proper way to do it?
There is no, unfortunately.
> quoted_param = CheckInRecord.sqlrepr(alert_param)
sqlrepr is used to convert Python data types to SQL strings; in most
cases you don't need to use it.
Oleg.
--
Oleg Broytmann http://phd.pp.ru/ [EMAIL PROTECTED]
Programmers don't die, they just GOSUB without RETURN.
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
sqlobject-discuss mailing list
sqlobject-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlobject-discuss
