On Sun, 27 Jun 2010 14:36:10 +1200, Lawrence D'Oliveiro wrote:

>> In any case, you're still trying to make arguments about whether it's easy
>> or hard to get it right, which completely misses the point. Eliminating
>> the escaping entirely makes it impossible to get it wrong.
>
> Except nobody has yet shown an alternative which is easier to get right.

For SQL, use stored procedures or prepared statements. For HTML/XML, use a DOM (or similar) interface.
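
The advice in the reply above, as an added example that is not part of the original post: the same hostile value is handled once by string concatenation and once through an interface that keeps data apart from syntax. It assumes Python's sqlite3 parameter binding as the prepared statement and xml.etree.ElementTree as the "DOM (or similar)" interface; the table, function names and sample inputs are constructed for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample inputs containing SQL and markup metacharacters.
HOSTILE = "x' OR '1'='1"
MARKUP = "<b>Tom</b> &amp; co"


def make_db():
    # Hypothetical two-row table, held in memory.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db


def lookup_concatenated(db, name):
    # The value is pasted into the SQL text, so its quotes become SQL syntax.
    sql = "SELECT secret FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db, name):
    # The value is bound separately from the SQL text; nothing to escape.
    return [row[0] for row in db.execute(
        "SELECT secret FROM users WHERE name = ?", (name,))]


def comment_concatenated(text):
    # The value is pasted into the markup, so its tags become structure.
    return "<comment>" + text + "</comment>"


def comment_via_tree(text):
    # The tree API takes text as data; the serializer does the encoding.
    node = ET.Element("comment")
    node.text = text
    return ET.tostring(node, encoding="unicode")


def parse_comment(xml_text):
    # Returns (text of <comment>, number of child elements it contains).
    root = ET.fromstring(xml_text)
    return root.text, len(root)


if __name__ == "__main__":
    db = make_db()
    print(lookup_concatenated(db, HOSTILE), lookup_parameterized(db, HOSTILE))
    print(parse_comment(comment_concatenated(MARKUP)),
          parse_comment(comment_via_tree(MARKUP)))
```

With concatenation the hostile name matches every row and the markup value gains a child element; with binding and the tree interface the same values are treated as plain data and round-trip unchanged.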