On Sat, Oct 10, 2009 at 7:59 PM, Carl Karsten <c...@personnelware.com> wrote:
[..]
> I need to inject...
>
> The line should be:
>
> cursor.execute(query, ('burger', '2009-09-10 12:00:00'))

Ah. Then it's just a case of the API doing the quoting internally, which points to a better API rather than a better language.

> and to keep it more like the PHP example:
> cursor.execute(query, (productname, buy_datetime))

Yes. That would be closer.

[..]

> I have done 2 PHP pages and a bunch of Python. My guess is PHP makes
> it easier to write vulnerable code, but I am really going out on a limb
> here, so I'll not try to support this notion.

Yes. I think so too. However, something being in PHP alone doesn't disqualify it as a robust and secure product.

-- 
~noufal
http://nibrahim.net.in
_______________________________________________
BangPypers mailing list
BangPypers@python.org
http://mail.python.org/mailman/listinfo/bangpypers
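The point made above, that the DB-API does the quoting internally when values are passed as `cursor.execute(query, params)`, can be shown side by side with the string-splicing style. This is an added example, not code from the thread: the `purchases` table, its rows and the hostile `buy_datetime` value are constructed here, and sqlite3 (qmark `?` placeholders; other drivers use `%s`) stands in for whatever database the original discussion used.

```python
import sqlite3

# Constructed sample data for this demonstration (not from the thread).
SAMPLE_ROWS = [
    ("burger", "2009-09-10 12:00:00"),
    ("fries", "2009-09-10 12:05:00"),
    ("shake", "2009-09-11 09:30:00"),
]

# Constructed input containing a quote character. Spliced into SQL text it
# terminates the string literal and appends a tautology; bound as a
# parameter it is just an unusual (and non-matching) date string.
HOSTILE_DATETIME = "' OR '1'='1"


def make_db():
    """In-memory sqlite3 database with the constructed purchases table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE purchases (productname TEXT, buy_datetime TEXT)")
    conn.executemany("INSERT INTO purchases VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_interpolated(conn, productname, buy_datetime):
    """The PHP-like pattern criticised in the thread: values are pasted into
    the statement text, so the caller must get the quoting right."""
    sql = ("SELECT productname, buy_datetime FROM purchases "
           f"WHERE productname = '{productname}' AND buy_datetime = '{buy_datetime}'")
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, productname, buy_datetime):
    """DB-API binding, i.e. cursor.execute(query, (productname, buy_datetime)):
    the driver ships the values as data and they cannot reshape the query."""
    sql = ("SELECT productname, buy_datetime FROM purchases "
           "WHERE productname = ? AND buy_datetime = ?")
    return conn.execute(sql, (productname, buy_datetime)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(lookup_interpolated(db, "burger", HOSTILE_DATETIME))   # all three rows
    print(lookup_parameterised(db, "burger", HOSTILE_DATETIME))  # []
```

Both functions return the same single row for an ordinary lookup; the interpolated one returns every row for the hostile value, which is exactly the defect the bound form removes.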