*argh* You don't do any quoting of SQL-parameters, and that's more than bad! (leaves you up to the mercy of SQL-injection attacks, for example)
I'm aware of the issue. But I think the one who start this question is too naive to explain anything more complex.
Just give him a hint for further investigate.
-- http://mail.python.org/mailman/listinfo/python-list
