At the layer of the MySQLdb module, it implemented the parameter filter.

On Friday, November 1, 2013 5:53:17 AM UTC+8, Claudio Dusan Vega Ozuljevich 
wrote:
>
> Hi guys! 
>
> I have this 
>
> user_input = web.input() 
>
> db.insert('table1', name=user_input.name) 
>
> to avoid things like SQL injection, is it necessary to use it like in 
> the where clause below? 
>
> db.update('table1', where="id=$id",
>           name=user_input.name,
>           vars={"id": user_input.id}
>           )
>
> or can I use just like it is with no key for name in the vars dict? 
>
>
> thanks beforehand! 
>

-- 
You received this message because you are subscribed to the Google Groups 
"web.py" group.
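An added example, not code from the thread or from web.py itself, that shows what the driver-level "parameter filter" in the reply does for both patterns in the question: a helper in the style of db.insert()/db.update() that binds every value (keyword column values and the `vars` for the `$id` token in `where`) as a DB-API parameter instead of splicing it into the SQL. It uses the standard-library sqlite3 driver in place of MySQLdb, and the table, column names and hostile inputs are constructed for the demo.

```python
# Added example: DB-API parameter binding in the style of web.py's
# db.insert()/db.update(). Uses sqlite3 (stdlib) instead of MySQLdb; the
# "?" placeholder is sqlite's, MySQLdb uses "%s". Table/columns are made up.
import re
import sqlite3


def insert(conn, table, **values):
    """INSERT where every column value is sent as a bound parameter."""
    cols = ", ".join(values)
    marks = ", ".join("?" for _ in values)
    sql = f"INSERT INTO {table} ({cols}) VALUES ({marks})"
    return conn.execute(sql, tuple(values.values())).lastrowid


def update(conn, table, where, vars=None, **values):
    """UPDATE mirroring db.update(): each $name token in `where` becomes a
    placeholder bound from `vars`; SET values are bound the same way."""
    vars = vars or {}
    params = list(values.values())          # SET parameters come first

    def bind(match):
        params.append(vars[match.group(1)])  # then WHERE parameters, in order
        return "?"

    where_sql = re.sub(r"\$(\w+)", bind, where)
    set_sql = ", ".join(f"{col} = ?" for col in values)
    sql = f"UPDATE {table} SET {set_sql} WHERE {where_sql}"
    return conn.execute(sql, params).rowcount


def demo():
    """Run both calls with constructed hostile input and return what the
    database actually stored and how many rows the UPDATE touched."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE table1 (id INTEGER PRIMARY KEY, name TEXT)")
    # constructed input that would end the string literal if interpolated
    hostile_name = "x'); DROP TABLE table1; --"
    insert(conn, "table1", name=hostile_name)   # stored verbatim as data
    insert(conn, "table1", name="bob")
    # the where template is fixed; the bound value never becomes SQL,
    # so this matches no row instead of every row
    changed = update(conn, "table1", where="id=$id",
                     name="alice", vars={"id": "1 OR 1=1"})
    rows = conn.execute("SELECT id, name FROM table1 ORDER BY id").fetchall()
    return hostile_name, changed, rows
```

Because the values are parameters, the hostile name is stored as a plain string and the `1 OR 1=1` value matches nothing; the same holds whether the value arrives through a keyword argument or through `vars`.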