Thanks, it really works fine for me. Tell me, is this method safe from SQL injections?

On Mar 9, 10:37 pm, Aaron Swartz <[email protected]> wrote:
> > Q = "SELECT login FROM users WHERE login LIKE '%%%s%%'" % str(i.q)
> > results = db.query(Q)
>
> This isn't safe. You want to do:
>
> results = db.query("SELECT login FROM users WHERE login LIKE $q", vars=dict(q='%' + i.q + '%'))
>
> > And this error:
> > ERR: SELECT login FROM users WHERE login LIKE '%bm%'
> > Traceback (most recent call last):
> >   File "/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/site-packages/web/application.py", line 211, in process
> >     return self.handle()
> >   File "/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/site-packages/web/application.py", line 201, in handle
> >     return self._delegate(fn, self.fvars, args)
> >   File "/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/site-packages/web/application.py", line 385, in _delegate
> >     return handle_class(cls)
> >   File "/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/site-packages/web/application.py", line 360, in handle_class
> >     return tocall(*args)
> >   File "/Users/bm/python/pass/app.py", line 53, in GET
> >     results = db.query(Q)
> >   File "/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/site-packages/web/db.py", line 579, in query
> >     self._db_execute(db_cursor, sql_query)
> >   File "/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/site-packages/web/db.py", line 530, in _db_execute
> >     for x in sql_query.values()])
> >   File "build/bdist.macosx-10.3-i386/egg/MySQLdb/cursors.py", line 151, in execute
> >     query = query % db.literal(args)
> > TypeError: not enough arguments for format string
> >
> > The query looks fine and works great in the mysql console. But it won't
> > run in the webpy environment.
> >
> > What is wrong with me?
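
An added example (not from the thread and not web.py's own code) contrasting the string-formatted LIKE query quoted above with a bound-parameter version. It uses the standard-library `sqlite3` module as a stand-in for `db.query(..., vars=...)` and goes one step beyond the thread by escaping LIKE wildcards in the user's term; the table rows and function names are constructed for illustration.

```python
import sqlite3

def like_pattern(term, escape="\\"):
    """Escape LIKE metacharacters in user input, then wrap it in % wildcards."""
    for ch in (escape, "%", "_"):          # escape char first, then wildcards
        term = term.replace(ch, escape + ch)
    return "%" + term + "%"

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT)")
    db.executemany("INSERT INTO users VALUES (?)",
                   [("bm",), ("admin",), ("bob_smith",), ("100%real",)])
    return db

def search_formatted(db, term):
    # Pattern from the quoted post: input becomes part of the SQL text itself.
    sql = "SELECT login FROM users WHERE login LIKE '%%%s%%'" % term
    return sorted(row[0] for row in db.execute(sql))

def search_bound(db, term):
    # Input travels as a bound value; the SQL text never changes.
    sql = "SELECT login FROM users WHERE login LIKE ? ESCAPE '\\'"
    return sorted(row[0] for row in db.execute(sql, (like_pattern(term),)))

if __name__ == "__main__":
    db = make_db()
    crafted = "zzz' OR '%'='"              # constructed input containing a quote
    print("formatted:", search_formatted(db, crafted))   # WHERE clause rewritten
    print("bound:    ", search_bound(db, crafted))       # treated as plain text
    print("literal _:", search_bound(db, "_"))           # wildcard matched literally
```

With the bound version, a term containing a quote is just data, and a term of `_` or `%` matches only logins that contain that character.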
