Meaning? So it's OK for me to just leave it like that? Thanks for the answer! =D

On Thu, Oct 31, 2013 at 11:22 PM, Zagfai Kwong <[email protected]> wrote:
> At the layer of MySQLdb module, it implemented the parameter filter.
>
>
> On Friday, November 1, 2013 5:53:17 AM UTC+8, Claudio Dusan Vega Ozuljevich
> wrote:
>>
>> Hi guys!
>>
>> I have this
>>
>> user_input = web.input()
>>
>> db.insert('table1', name=user_input.name)
>>
>> to avoid things like SQL injection, is it necessary to use it like in
>> the where clause below?
>>
>> db.update('table1', where="id=$id",
>> name=user_input.name,
>> vars={"id":user_input.id}
>> )
>>
>> or can I use just like it is with no key for name in the vars dict?
>>
>>
>> thanks beforehand!
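
An added illustration, not part of the thread and not web.py's own code: a simplified stand-in for the `db.update` call quoted above, run on the standard-library `sqlite3` driver, comparing values bound as parameters (keyword values and `$id` filled from `vars`) with a `where` string built by concatenation. The helpers `bind_placeholders`, `update`, `fresh_db` and the sample inputs are constructed for this example.

```python
import re
import sqlite3

def bind_placeholders(clause, vars):
    """Turn "id=$id" plus vars into ("id=?", [value]).
    Hypothetical, simplified stand-in for $name substitution."""
    params = []
    def bind(match):
        params.append(vars[match.group(1)])
        return "?"
    return re.sub(r"\$(\w+)", bind, clause), params

def update(conn, table, where, vars=None, **values):
    """Keyword values are always bound; the where text is used as given."""
    where_sql, where_params = bind_placeholders(where, vars or {})
    # Table and column names come from the developer, never from the request.
    sets = ", ".join(f"{col}=?" for col in values)
    sql = f"UPDATE {table} SET {sets} WHERE {where_sql}"
    return conn.execute(sql, list(values.values()) + where_params).rowcount

def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE table1 (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO table1 (name) VALUES (?)",
                     [("a",), ("b",), ("c",)])
    return conn

# Constructed request values, as web.input() would deliver them (strings).
HOSTILE_ID = "1 OR 1=1"
HOSTILE_NAME = "x' WHERE 1=1 --"

def rows_changed_bound():
    # $id is filled from vars, so the whole string is compared as one value.
    return update(fresh_db(), "table1", where="id=$id",
                  vars={"id": HOSTILE_ID}, name=HOSTILE_NAME)

def rows_changed_concatenated():
    # Request text pasted into the where clause becomes part of the SQL.
    return update(fresh_db(), "table1", where="id=" + HOSTILE_ID,
                  name=HOSTILE_NAME)

def stored_name_bound():
    # The keyword value needs no entry in vars; it is stored literally.
    conn = fresh_db()
    update(conn, "table1", where="id=$id", vars={"id": "1"}, name=HOSTILE_NAME)
    return conn.execute("SELECT name FROM table1 WHERE id=1").fetchone()[0]
```
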
