On May 9, 2016 7:49 AM, "Chris Angelico" <ros...@gmail.com> wrote:
On Mon, May 9, 2016 at 10:44 AM, Thomas 'PointedEars' Lahn <pointede...@web.de> wrote:
> With the “%” string operator (deprecated), str.format(), and str.Template,
> you can use other values in string values even without concatenation.

Not deprecated. Don't spread FUD.

> Finally, with SQL you should prefer Prepared Statements and Stored
> Procedures, not bare strings, to avoid SQL injection:
>
> <https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet>

He is safe. He's using parameterized queries.

> Also, it would be a good idea if you posted under your real name. Internet
> is the thing with cables; Usenet is the thing with people. I for one tend
> to avoid communicating with few-letter entities; exceptions to that would
> probably include only E.T., M.J., ALF, and K.I.T.T.

I'm not using Usenet, Mr PointedEars.

ChrisA
--
https://mail.python.org/mailman/listinfo/python-list
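The distinction drawn in the reply above, between formatting a value into the SQL text and passing it through a parameterized query, shown as an added example that is not part of the original thread. It assumes Python's standard `sqlite3` module with its `?` placeholder; the table, rows, inputs and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data, used only by this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("O'Brien", "c-secret")],
    )
    return db


def lookup_formatted(db, name):
    # Risky pattern: the "%" operator builds the SQL text itself, so the
    # value becomes part of the statement that the database parses.
    query = "SELECT name, secret FROM users WHERE name = '%s'" % name
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    # Parameterized query: the SQL text is fixed and the driver binds the
    # value separately, so it is only ever compared as data.
    # Some DB-API drivers spell the placeholder "%s" instead of "?"; it is
    # still a placeholder as long as the values go in execute()'s second
    # argument rather than through the "%" operator.
    query = "SELECT name, secret FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()


# Constructed inputs: one that changes the WHERE clause when formatted in,
# and one ordinary name that merely contains an apostrophe.
HOSTILE = "nobody' OR '1'='1"
APOSTROPHE = "O'Brien"

if __name__ == "__main__":
    db = make_db()
    print("formatted, hostile:    ", lookup_formatted(db, HOSTILE))
    print("parameterized, hostile:", lookup_parameterized(db, HOSTILE))
    print("parameterized, O'Brien:", lookup_parameterized(db, APOSTROPHE))
    try:
        lookup_formatted(db, APOSTROPHE)
    except sqlite3.OperationalError as exc:
        print("formatted, O'Brien:     error:", exc)
```

The formatted lookup both over-matches on the crafted value and fails outright on the legitimate apostrophe, while the parameterized lookup treats both inputs as plain strings.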