On Fri, Mar 18, 2016 at 10:17 AM, Thomas 'PointedEars' Lahn <pointede...@web.de> wrote:
> Daniel Wilcox wrote:
>
>> Cool thanks, highly recommended to use an ORM to deter easy SQL
>> injections.
>
> That is to crack a nut with a sledgehammer. SQL injection can be easily and
> more efficiently prevented with prepared statements. While an Object-Relational
> Mapper (ORM) can use those, and there are benefits to using an ORM, avoiding
> SQL injection should not be the primary reason to use an ORM. In fact, using
> an ORM is often not only overkill, but effectively *reduces* application
> performance.
You don't even need prepared statements. All you need is parameterized queries.

ChrisA
--
https://mail.python.org/mailman/listinfo/python-list
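The distinction the thread is drawing, shown as an added example (not code from any of the posters): the same lookup written with string formatting and with a bound parameter, run against a constructed in-memory SQLite table. The standard-library `sqlite3` module is assumed as the driver; it uses the `?` placeholder style, whereas other DB-API drivers use `%s` or `:name`, but the mechanism is the same: the SQL text is fixed and the value travels separately, so the driver never has to be told where quoting ends. No server-side prepared statement is involved in application code, which is exactly the point ChrisA makes.

```python
import sqlite3

# Constructed sample data for the demonstration: a two-row users table.
SAMPLE_USERS = [("alice", "alice@example.org"), ("bob", "bob@example.org")]


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable form: the untrusted value is spliced into the SQL text,
    so any quote character in it changes the structure of the statement."""
    sql = "SELECT email FROM users WHERE name = '%s'" % name
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterized(conn, name):
    """Hardened form: the SQL text never changes. The value is handed to the
    driver as a parameter and bound as data, with no escaping in our code."""
    sql = "SELECT email FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


def demo():
    """Run both lookups with a benign name and with a constructed value that
    contains a quote, the class of input that breaks string-built SQL."""
    conn = make_db()
    benign = "alice"
    hostile = "x' OR '1'='1"   # constructed test input, not a real request
    return {
        "unsafe_benign": lookup_unsafe(conn, benign),
        "unsafe_hostile": lookup_unsafe(conn, hostile),     # structure altered: all rows
        "param_benign": lookup_parameterized(conn, benign),
        "param_hostile": lookup_parameterized(conn, hostile),  # treated as a literal name: no rows
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:15s} {result}")
```

The parameterized version also gives the detection-side benefit the thread does not mention: because the statement text is constant, a query log or a database-side statement digest shows one normalized statement per code path, and an unexpected statement shape becomes a signal rather than noise.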