On Wed, Oct 29, 2008 at 8:45 AM, Oleg Broytmann <[EMAIL PROTECTED]> wrote:
> On Wed, Oct 29, 2008 at 08:07:14AM -0700, Matt Richardson wrote:
>> If I want to quote an SQL statement to escape any injection badness,
>> is this the proper way to do it?
>
> There is none, unfortunately.
>
>> quoted_param = CheckInRecord.sqlrepr(alert_param)
>
> sqlrepr is used to convert Python data types to SQL strings; in most
> cases you don't need to use it.
>
> Oleg.
> --
> Oleg Broytmann http://phd.pp.ru/ [EMAIL PROTECTED]
> Programmers don't die, they just GOSUB without RETURN.
>
I'll just parse the string for unacceptable characters before sending it then.

Thanks,
--
Matt
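The two approaches discussed in this thread, quoting a value into the SQL text yourself versus letting the database driver bind it, behave differently on ordinary input that happens to contain a quote character, and a character blocklist rejects that same legitimate input. The example below is added here and is not code from the thread or from SQLObject; it uses the standard-library sqlite3 module with a constructed "checkin_record" table as a stand-in for the CheckInRecord class, so it runs without SQLObject installed. The banned-character set and the table contents are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample rows (not taken from the mailing-list thread).
ROWS = [("O'Brien", "active"), ("Smith", "disabled"), ("Jones", "active")]


def _db():
    """Create an in-memory database with a hypothetical checkin_record table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE checkin_record (name TEXT, status TEXT)")
    conn.executemany("INSERT INTO checkin_record VALUES (?, ?)", ROWS)
    return conn


def has_unacceptable_chars(value, banned="';-"):
    """The character-blocklist approach from the thread.

    Returns True if any character from the (assumed) banned set is present.
    Note that a legitimate name such as O'Brien is rejected by this check.
    """
    return any(ch in value for ch in banned)


def lookup_interpolated(conn, name):
    """Query built by string interpolation: the application quotes the value itself.

    A value containing a single quote breaks the statement, which is the
    same mechanism an injection relies on.
    """
    sql = "SELECT status FROM checkin_record WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    """Query with a bound parameter: the driver handles quoting.

    No escaping or filtering happens in application code, and the quote
    character in the value is treated as data, not as SQL syntax.
    """
    sql = "SELECT status FROM checkin_record WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def compare(name):
    """Run all three approaches on one input and report what each does."""
    conn = _db()
    result = {"blocklist_rejects": has_unacceptable_chars(name)}
    try:
        result["interpolated"] = lookup_interpolated(conn, name)
    except sqlite3.OperationalError as exc:
        # The interpolated statement is malformed; the driver refuses it.
        result["interpolated"] = "error: %s" % exc
    result["parameterized"] = lookup_parameterized(conn, name)
    conn.close()
    return result


if __name__ == "__main__":
    for candidate in ("Smith", "O'Brien"):
        print(candidate, compare(candidate))
```

For "Smith" all three approaches agree. For "O'Brien" the blocklist rejects the name outright, the interpolated query fails with a syntax error because the embedded quote terminates the literal early, and the parameterized query returns the row correctly. That difference is the practical reason the binding layer (a driver parameter, or in SQLObject terms the sqlbuilder machinery that sqlrepr feeds) is the place where quoting belongs, rather than a filter written in application code.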