On Fri, Sep 18, 2009 at 11:49 AM, Jeff Johnson <j...@dcsoftware.com> wrote:
> Kristina:
>
> I would format it as follows:
>
> self.cursor.execute("SELECT CUSTID FROM Stories WHERE NAME = '%s'" % name)

No, that is a recipe for SQL injection attacks such as this:
http://xkcd.com/327/

>> self.cursor.execute("SELECT CUSTID FROM Stories WHERE NAME= ?", (name))

I think that should have a comma to create a tuple:
self.cursor.execute("SELECT CUSTID FROM Stories WHERE NAME= ?", (name,))

I don't know if that could cause your problem.

Kent
_______________________________________________
Tutor maillist - Tutor@python.org
To unsubscribe or change subscription options:
http://mail.python.org/mailman/listinfo/tutor
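
Added example, not part of the original message: the three call styles from the thread run side by side against an in-memory database, showing what each one does with an ordinary name, a name containing an apostrophe, and a value that rewrites the WHERE clause. It assumes Python's sqlite3 module (the thread does not say which DB-API module is in use; the ? placeholder matches sqlite3's style); the sample rows and the helper function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows; table and column names follow the thread.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Stories (CUSTID INTEGER, NAME TEXT)")
    conn.executemany("INSERT INTO Stories VALUES (?, ?)",
                     [(1, "Alice"), (2, "O'Brien"), (3, "Carol")])
    return conn

def lookup_formatted(conn, name):
    # String formatting: the value becomes part of the SQL text itself.
    sql = "SELECT CUSTID FROM Stories WHERE NAME = '%s'" % name
    return sorted(row[0] for row in conn.execute(sql))

def lookup_missing_comma(conn, name):
    # (name) is just name, a str. sqlite3 accepts any sequence, so each
    # character is counted as one parameter for the single placeholder.
    cur = conn.execute("SELECT CUSTID FROM Stories WHERE NAME= ?", (name))
    return sorted(row[0] for row in cur)

def lookup_bound(conn, name):
    # (name,) is a one-element tuple: the value is bound, never parsed as SQL.
    cur = conn.execute("SELECT CUSTID FROM Stories WHERE NAME= ?", (name,))
    return sorted(row[0] for row in cur)

def outcome(fn, conn, name):
    # Return the matching CUSTIDs, or the exception class name on failure.
    try:
        return fn(conn, name)
    except sqlite3.Error as exc:
        return type(exc).__name__

if __name__ == "__main__":
    conn = make_db()
    # Constructed inputs: plain name, legitimate apostrophe, clause-altering value.
    for name in ("Alice", "O'Brien", "x' OR '1'='1"):
        for fn in (lookup_formatted, lookup_missing_comma, lookup_bound):
            print("%-22s %-16r -> %r" % (fn.__name__, name, outcome(fn, conn, name)))
```

The missing-comma form only succeeds when the name is exactly one character long, which is why it tends to surface as a bindings-count error rather than a wrong result.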