On Mon, May 9, 2016 at 10:44 AM, Thomas 'PointedEars' Lahn <pointede...@web.de> wrote:
> With the “%” string operator (deprecated), str.format(), and str.Template,
> you can use other values in string values even without concatenation.

Not deprecated. Don't spread FUD.

> Finally, with SQL you should prefer Prepared Statements and Stored
> Procedures, not bare strings, to avoid SQL injection:
>
> <https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet>

He is safe. He's using parameterized queries.

> Also, it would be a good idea if you posted under your real name. Internet
> is the thing with cables; Usenet is the thing with people. I for one tend
> to avoid communicating with few-letter entities; exceptions to that would
> probably include only E.T., M.J., ALF, and K.I.T.T.

I'm not using Usenet, Mr PointedEars.

ChrisA
--
https://mail.python.org/mailman/listinfo/python-list