On Jul 1, 1:32 pm, Ferran Fontcuberta wrote:
> On Wed, 01-07-2009 at 12:47 +0200, Ferran Fontcuberta wrote:
>
> > Hello, colisters ^_^
>
> > I want to use this query:
>
> > SELECT * FROM mailing_mails WHERE list IN (6,7,8)
>
> Ok, to avoid SQL injection and bad web.py parsing (well, maybe there's a
> method to do it right, but I can't figure it out) I'm using this, right now:
>
> try:
>     lists = ','.join((str(int(l)) for l in i.lists))
> except:
>     return appError("You're a badboy!")
>
> r = db.select('mailing_mails', what="mail", where="list IN ("+lists+")")
>
> Any better solution, plz? ://

Hello,

If you want to get rid of quotes, check out SQLLiteral here:
http://webpy.org/docs/0.3/api#web.db

Regards,
Luke
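
An added example, not part of the thread: the same `IN (...)` query built with one bound parameter per value instead of string concatenation. It uses the standard-library `sqlite3` module as a stand-in for web.py's `db` object (an assumption), keeps the `mailing_mails` table from the post, and the function names and sample rows are hypothetical.

```python
import sqlite3


def parse_list_ids(raw_values):
    """Turn untrusted request values into ints, raising ValueError otherwise."""
    ids = []
    for value in raw_values:
        text = str(value)
        # int() alone also accepts forms such as "1_0", " 7 " or non-ASCII
        # digits, so require plain ASCII digits before converting.
        if not (text.isascii() and text.isdigit()):
            raise ValueError("not a plain non-negative integer: %r" % (value,))
        ids.append(int(text))
    return ids


def mails_for_lists(conn, raw_values):
    """Return the mails whose list id is one of raw_values."""
    ids = parse_list_ids(raw_values)
    if not ids:
        # "IN ()" is a syntax error in most databases; nothing can match.
        return []
    # Only "?" markers are formatted into the SQL text; the values themselves
    # are passed separately and bound by the driver.
    placeholders = ",".join("?" for _ in ids)
    sql = ("SELECT mail FROM mailing_mails WHERE list IN (%s) ORDER BY mail"
           % placeholders)
    return [row[0] for row in conn.execute(sql, ids)]


def demo_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mailing_mails (mail TEXT, list INTEGER)")
    conn.executemany(
        "INSERT INTO mailing_mails VALUES (?, ?)",
        [("a@example.test", 6), ("b@example.test", 7),
         ("c@example.test", 8), ("d@example.test", 9)],
    )
    return conn


if __name__ == "__main__":
    print(mails_for_lists(demo_db(), ["6", "7", "8"]))
```
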
