Paul Rubin <"http://phr.cx"@NOSPAM.invalid> writes:
> Tor Erik Soenvisen <[EMAIL PROTECTED]> writes:
>
> > # Protect against SQL injection by escaping quotes
>
> Don't ever do that, safe or not. Use query parameters instead.
> That's what they're for.

More specifically: they've been debugged for just these kinds of
purposes, and every time you code an ad-hoc escaping-and-formatting SQL
query, you're inviting all the bugs that have been found and removed
before.

-- 
 \     "Welchen Teil von 'Gestalt' verstehen Sie nicht? [What part of |
  `\                 'gestalt' don't you understand?]" -- Karsten M. Self |
_o__)                                                                   |
Ben Finney
-- 
http://mail.python.org/mailman/listinfo/python-list
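The following is an added illustration of the point made in this thread, not code from any of the posters. It uses an in-memory SQLite database with a constructed `users` table (the table, its rows, and all function names are assumptions for the demonstration). A quote-doubling helper of the kind the original snippet describes is applied in two places: in a string context, where it happens to neutralise a quote-based payload, and in a numeric context, where an input with no quotes at all slips straight through and changes the query. The parameterised versions bind the value through the driver, so the same inputs are never parsed as SQL in either context.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original thread).
USERS = [
    (1, "alice", "alice-secret"),
    (2, "bob", "bob-secret"),
    (3, "carol", "carol-secret"),
]


def make_db():
    """Build an in-memory database with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def escape_quotes(value):
    """Ad-hoc escaping of the kind the thread warns against: double every
    single quote and hope that is enough."""
    return str(value).replace("'", "''")


def names_by_id_escaped(conn, user_id):
    """VULNERABLE: the value is 'escaped' but sits in a numeric context with
    no surrounding quotes, so a payload containing no quotes is untouched."""
    sql = "SELECT name FROM users WHERE id = %s ORDER BY id" % escape_quotes(user_id)
    return [row[0] for row in conn.execute(sql)]


def name_by_name_escaped(conn, name):
    """String context: quote doubling happens to hold here, which is exactly
    why this approach looks safe until it is used somewhere it is not."""
    sql = "SELECT name FROM users WHERE name = '%s'" % escape_quotes(name)
    return [row[0] for row in conn.execute(sql)]


def names_by_id_param(conn, user_id):
    """Parameterised: the driver binds the value, so it is data, never SQL."""
    rows = conn.execute(
        "SELECT name FROM users WHERE id = ? ORDER BY id", (user_id,)
    )
    return [row[0] for row in rows]


def name_by_name_param(conn, name):
    """Parameterised string lookup; no escaping helper needed at all."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    numeric_payload = "1 OR 1=1"          # no quotes, so escape_quotes() is a no-op
    string_payload = "alice' OR '1'='1"   # quote-based payload

    # Ad-hoc escaping: the numeric context leaks every row.
    print("escaped, numeric :", names_by_id_escaped(db, numeric_payload))
    print("escaped, string  :", name_by_name_escaped(db, string_payload))

    # Query parameters: both payloads are compared as plain values and match nothing.
    print("param, numeric   :", names_by_id_param(db, numeric_payload))
    print("param, string    :", name_by_name_param(db, string_payload))
```

The numeric case is the instructive one: `escape_quotes` does what its name says and still leaves `WHERE id = 1 OR 1=1` in the query, because the bug is not in the escaping routine but in the assumption that quoting is the only thing that needs escaping. With `?` placeholders the driver sends the value separately from the statement text, so there is no context-dependent rule for the caller to get wrong.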