In message <mailman.2357.1256964121.2807.python-l...@python.org>, Dennis Lee Bieber wrote:
> This way regular string interpolation operations (or whatever Python
> 3.x has replaced it with) are safe to construct the SQL, leaving only
> user supplied (or program generated) data values to be passed via the
> DB-API parameter system -- so that they are properly escaped and
> rendered safe.

Mixing the two is another recipe for confusion and mistakes.
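The split the quoted text describes, as an added example that is not from either poster: identifiers are interpolated only after an allow-list check, and every data value goes through the DB-API parameter system. It assumes the standard-library `sqlite3` driver; the `users` table, `ALLOWED_COLUMNS`, `build_select` and `find` are hypothetical names, and the input strings are constructed.

```python
import sqlite3

# Hypothetical schema for this example: the only table and column names the
# program is willing to interpolate into SQL text.
ALLOWED_COLUMNS = {"users": {"name", "email"}}


def build_select(table, column):
    """Interpolate identifiers only after checking them against the allow-list."""
    if table not in ALLOWED_COLUMNS or column not in ALLOWED_COLUMNS[table]:
        raise ValueError(f"identifier not allowed: {table}.{column}")
    # The value position stays a placeholder; data is never formatted in.
    return f'SELECT name, email FROM "{table}" WHERE "{column}" = ?'


def find(conn, table, column, value):
    """Run the query with the data value bound through the DB-API."""
    return conn.execute(build_select(table, column), (value,)).fetchall()


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    rows = [("alice", "alice@example.test"), ("o'brien", "ob@example.test")]
    conn.executemany("INSERT INTO users VALUES (?, ?)", rows)
    hostile = "x' OR '1'='1"  # constructed input, treated purely as data
    return {
        "quote": find(conn, "users", "name", "o'brien"),
        "hostile": find(conn, "users", "name", hostile),
    }


if __name__ == "__main__":
    print(demo())
```

The value containing a quote matches its row unchanged, the constructed hostile string matches nothing, and an identifier outside the allow-list is rejected before any SQL is built.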