On Thu, May 20, 2010 at 12:56 PM, MRAB <pyt...@mrabarnett.plus.com> wrote:

>
> When performing SQL operations, don't insert the values using Python's
> string formatting, because that makes it vulnerable to SQL-injection
> attacks, i.e. don't do this:
>
>    cursor.execute(sql_command % values)
>
> do this:
>
>    cursor.execute(sql_command, values)


Oh, thank you!


> I think you need to 'commit' any changes you make to the database.
>

Caught by the commit again. Yes, thanks.
beno
-- 
http://mail.python.org/mailman/listinfo/python-list
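Both points from the quoted reply, shown as an added, self-contained example against an in-memory / temporary sqlite3 database (this is illustrative code, not from the thread or from beno's program; the table and column names are made up for the demo). `lookup_unsafe` splices the value in with `%` exactly as warned against, so a value containing a quote changes the query's structure; `lookup_safe` passes the value as a parameter, so the same string is compared literally and matches nothing. `commit_demo` shows that a row inserted without `commit()` is discarded when the connection closes.

```python
import os
import sqlite3
import tempfile


def setup_db():
    """Create an in-memory table with two constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn, name):
    """The pattern the reply warns against: the value is formatted into the SQL text.
    A name containing a quote is no longer data; it becomes part of the query."""
    sql = "SELECT email FROM users WHERE name = '%s'" % name
    return sorted(row[0] for row in conn.execute(sql))


def lookup_safe(conn, name):
    """The recommended pattern: the driver binds the value as a parameter,
    so it is always compared as a literal string, whatever it contains."""
    sql = "SELECT email FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


def commit_demo():
    """Insert one row without commit() and one with it, then reopen the file
    and report which rows actually persisted. Returns the list of values."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "demo.db")
    try:
        conn = sqlite3.connect(path)
        conn.execute("CREATE TABLE t (v TEXT)")
        conn.commit()

        conn.execute("INSERT INTO t VALUES (?)", ("lost",))
        conn.close()  # closed without commit(): the INSERT is rolled back

        conn = sqlite3.connect(path)
        conn.execute("INSERT INTO t VALUES (?)", ("kept",))
        conn.commit()  # committed: this row is written to the file
        conn.close()

        conn = sqlite3.connect(path)
        rows = [r[0] for r in conn.execute("SELECT v FROM t")]
        conn.close()
        return rows
    finally:
        if os.path.exists(path):
            os.remove(path)
        os.rmdir(tmpdir)


if __name__ == "__main__":
    db = setup_db()
    probe = "x' OR '1'='1"  # a constructed value containing a quote
    print("unsafe, normal input :", lookup_unsafe(db, "alice"))
    print("unsafe, quoted input :", lookup_unsafe(db, probe))   # every row leaks
    print("safe,   normal input :", lookup_safe(db, "alice"))
    print("safe,   quoted input :", lookup_safe(db, probe))     # []
    print("rows that survived   :", commit_demo())              # ['kept']
```

The parameter form also spares you from hand-escaping quotes, and most DB-API drivers (sqlite3, psycopg2, MySQLdb) accept the same `execute(sql, params)` call, though the placeholder style (`?` vs `%s`) differs per driver; check `module.paramstyle`.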
