> The problem with SQL injections shouldn't IMHO be solved at
> driver level, but is an application level problem.

The SQL driver is responsible for accuracy in the implementation 
of safe methods for escaping and/or parameter substitution, and 
the application is responsible for making proper use of them. 
Fortunately the Python DB-API has standards that programs can use 
for making use of these escaping/substitution functions that any 
application can use.

My understanding in the case of the psycopg2 interface is that 
it serves as a translation layer between the PostgreSQL DB 
driver/.DLL/.so (which does all the hard lifting of 
escaping/substitution in accordance with Postgres' standards & 
testing) and Python.

-tim
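
The division of responsibility described in the message above, shown as an added example that is not part of the original message: the same lookup written with application-side string interpolation and with DB-API parameter substitution. It assumes the standard-library `sqlite3` driver as a stand-in so it runs offline (psycopg2 follows the same DB-API pattern with `%s` placeholders); the table, function names and inputs are constructed for illustration.

```python
import sqlite3

# Constructed sample data; sqlite3 is used only because it is a
# DB-API driver that ships with Python and needs no server.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", 1), ("bob", 0), ("o'brien", 0)],
    )
    return conn

def find_user_interpolated(conn, name):
    # Application-level misuse: the value is spliced into the SQL text,
    # so the driver never gets a chance to treat it as data.
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]

def find_user_parameterized(conn, name):
    # Proper use of the driver: SQL text and value travel separately.
    # sqlite3.paramstyle is "qmark" (?); psycopg2's is "pyformat" (%s),
    # passed as the second argument to execute(), never via the % operator.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

if __name__ == "__main__":
    conn = make_db()
    quoted_name = "o'brien"          # legitimate value containing a quote
    hostile_name = "x' OR '1'='1"    # constructed injection-style input

    # Parameterized: both inputs are compared as plain strings.
    print(find_user_parameterized(conn, quoted_name))
    print(find_user_parameterized(conn, hostile_name))

    # Interpolated: the hostile input rewrites the WHERE clause...
    print(find_user_interpolated(conn, hostile_name))
    # ...and the legitimate one breaks the statement outright.
    try:
        find_user_interpolated(conn, quoted_name)
    except sqlite3.OperationalError as exc:
        print("interpolated query failed:", exc)
```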



