* Kent Johnson [090808 05:06]:
> On Fri, Aug 7, 2009 at 10:18 PM, Tim Johnson wrote:
>
> If you use the two argument form of cursor.execute - passing the
> parameter values in a sequence, rather than substituting them yourself
> - then you have to worry about injection attacks. The DB-API module

On Fri, Aug 7, 2009 at 10:18 PM, Tim Johnson wrote:
> Hello:
> I am currently using Python 2.5 and do a lot of database programming
> with MySQLdb.
>
> I need to tighten up control over queries since I am concerned about
> malicious injections.
If you use the two argument form of cursor.execute -

Hello:
I am currently using Python 2.5 and do a lot of database programming
with MySQLdb.
I have developed a wrapper class that uses two cursors:
1) a MySQLdb.cursors.DictCursor object
2) a MySQLdb.cursors.Cursor object
#1 returning a dictionary from query results, #2 returning a tuple
from query res
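
An added example, not code from any poster in this thread: it contrasts substituting a value into the SQL text with the two-argument form of cursor.execute, inside a small wrapper that returns either tuple rows or dict rows. Assumptions: the standard-library sqlite3 module stands in for MySQLdb so the example runs offline (sqlite3 uses `?` placeholders where MySQLdb uses `%s`), and the `users` table, `QueryWrapper` class and helper names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

class QueryWrapper:
    """Hypothetical wrapper: tuple rows or dict rows, always parameterized."""
    def __init__(self, conn):
        self.conn = conn

    def rows(self, sql, params=()):
        # Two-argument form: SQL text and values are passed separately,
        # so a value is bound as data and never parsed as SQL.
        cur = self.conn.cursor()
        cur.execute(sql, params)
        return cur.fetchall()

    def dict_rows(self, sql, params=()):
        cur = self.conn.cursor()
        cur.execute(sql, params)
        cols = [d[0] for d in cur.description]  # column names of the result set
        return [dict(zip(cols, row)) for row in cur.fetchall()]

def lookup_substituted(conn, name):
    # Pattern to avoid: the value is pasted into the SQL text itself.
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()

def lookup_parameterized(db, name):
    return db.rows("SELECT name, role FROM users WHERE name = ?", (name,))

HOSTILE = "x' OR '1'='1"  # constructed input containing a quote

if __name__ == "__main__":
    conn = make_db()
    db = QueryWrapper(conn)
    print(lookup_substituted(conn, HOSTILE))   # WHERE clause rewritten: all rows
    print(lookup_parameterized(db, HOSTILE))   # treated as a literal name: no rows
    print(db.dict_rows("SELECT name, role FROM users WHERE name = ?", ("bob",)))
```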