I believe we use the current approach because the 'correct' one fails with
thousands of ids in the arguments
On Dec 7, 2010 3:01 PM, "Seif Lotfy" <s...@lotfy.com> wrote:
> Seif Lotfy has proposed merging lp:~seif/zeitgeist/use-new-placeholders
> into lp:zeitgeist.
>
> Requested reviews:
> Zeitgeist Framework Team (zeitgeist)
>
>
> The SQLite docs say:
> ---
> You shouldn’t assemble your query using Python’s string operations because
> doing so is insecure; it makes your program vulnerable to an SQL injection
> attack.
>
> Instead, use the DB-API’s parameter substitution. Put ? as a placeholder
> wherever you want to use a value, and then provide a tuple of values as the
> second argument to the cursor’s execute() method.
> ---
> This branch fixes it.
> --
> https://code.launchpad.net/~seif/zeitgeist/use-new-placeholders/+merge/42943
> Your team Zeitgeist Framework Team is requested to review the proposed
> merge of lp:~seif/zeitgeist/use-new-placeholders into lp:zeitgeist.

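The two points raised in this thread, the insecurity of building SQL with string operations and the "thousands of ids" problem with bound parameters, can be shown side by side in plain Python sqlite3. The code below is an added example for this discussion, not code from the Zeitgeist branch or from the merge proposal. The `event` table, the sample rows and the `MAX_VARS` chunk size are constructed assumptions; SQLite's real per-statement limit is `SQLITE_MAX_VARIABLE_NUMBER` (999 by default in older builds), which is the limit the reply refers to. The hardened query keeps every value bound with `?` and simply splits a long id list into several statements, so the "correct" approach no longer fails on large argument lists.

```python
import sqlite3

# Constructed sample data standing in for the real event table (not shown in the thread).
SAMPLE_ROWS = [(i, "event-%d" % i) for i in range(1, 5001)]

# Assumed conservative chunk size: SQLite caps bound parameters per statement
# (SQLITE_MAX_VARIABLE_NUMBER, historically 999), which is why a single
# "WHERE id IN (?, ?, ...)" with thousands of ids fails.
MAX_VARS = 500


def make_db():
    """Create an in-memory database with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE event (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO event VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def name_by_id_unsafe(conn, raw_id):
    """The pattern the branch removes: the value is pasted into the SQL text,
    so anything in raw_id is parsed as part of the statement."""
    return conn.execute("SELECT name FROM event WHERE id = %s" % raw_id).fetchall()


def name_by_id(conn, raw_id):
    """DB-API parameter substitution: '?' is bound to the value and is never
    parsed as SQL, so a hostile string simply matches nothing."""
    return conn.execute("SELECT name FROM event WHERE id = ?", (raw_id,)).fetchall()


def names_by_ids(conn, ids):
    """Parameterized IN (...) over an arbitrary number of ids.

    The statement is split into chunks of at most MAX_VARS placeholders so no
    single execute() exceeds SQLite's bound-parameter limit. Only the number of
    '?' marks is interpolated into the SQL text; the ids themselves are always
    passed as bound parameters.
    """
    ids = list(ids)
    rows = []
    for start in range(0, len(ids), MAX_VARS):
        chunk = ids[start:start + MAX_VARS]
        placeholders = ",".join("?" * len(chunk))
        sql = "SELECT id, name FROM event WHERE id IN (%s) ORDER BY id" % placeholders
        rows.extend(conn.execute(sql, chunk).fetchall())
    return rows


if __name__ == "__main__":
    db = make_db()
    print(name_by_id(db, 7))                       # [('event-7',)]
    print(name_by_id(db, "1 OR 1=1"))              # [] : treated as data
    print(len(name_by_id_unsafe(db, "1 OR 1=1")))  # 5000 : treated as SQL
    print(len(names_by_ids(db, range(1, 5001))))   # 5000 : 10 chunked statements
```

Because the ids arrive in ascending order and each chunk is queried in sequence, the concatenated result is still globally ordered; if the caller passes ids in arbitrary order, sort the combined list afterwards rather than relying on per-chunk `ORDER BY`.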
