> here is the result.
>
> 1
> ('Supervisor',)
> <tr>
> <td>1</td>
> <td>Vinayak</td>
> <td>Salunke</td>
> <td>1</td>
>
> Now I need to remove the braces and quotes .. :)By the way, be very careful about generating HTML via naive string concatenation. If you can use a template engine such as Jinja (http://jinja.pocoo.org/), please do so. The main problem here is that the content you're using from the database might have characters that look "html"-ish, in which case the use of string concatenation is a vector for a Bobby-tables-like injection attack. https://xkcd.com/327/ If you can't use a templating engine that knows about HTML escaping, then you still need to add html escaping where the rows are being constructed here: for row in line1: print """<td>"""+str(row)+"""</td>""" See: https://docs.python.org/3/library/html.html#html.escape Basically, any place where something "structured" (SQL queries, HTML) is being constructed from something unstructured (string concatenation), that's where injection attacks like to live. Be careful. Hope this helps! _______________________________________________ Tutor maillist - [email protected] To unsubscribe or change subscription options: https://mail.python.org/mailman/listinfo/tutor
