Hi guys!
I have this
user_input = web.input()
db.insert('table1', name=user_input.name)
to avoid things like SQL injection, is it necessary to use it like in
the where clause below?
db.update('table1', where="id=$id",
name=user_input.name,
vars={"id":user_input.id}
)
or can I use just like it is with no key for name in the vars dict?
thanks beforehand!
--
You received this message because you are subscribed to the Google Groups
"web.py" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/webpy.
For more options, visit https://groups.google.com/groups/opt_out.
