On Tue, Dec 1, 2020 at 4:53 PM Ivan "Rambius" Ivanov
<rambiusparkisan...@gmail.com> wrote:
>
> On Tue, Dec 1, 2020 at 12:39 AM Chris Angelico <ros...@gmail.com> wrote:
> > Don't do this! DO NOT do this! Even if it might happen to work with a
> > base 64 encoded value, this is a terrible terrible bug just waiting to
> > happen. Instead, use *parameterized queries* and keep your SQL safe.
>
> OK. What are parameterized queries? Can you give an example?
>

I've no idea what database you're connecting to, what library you're
using, or anything, but it would look something like this:

conn.execute("insert into hashes values (?)", [hash])

Look up the documentation for what you're working with. It will have a
way to do this.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list
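
Added example, not part of the message above: a runnable version of the suggested pattern, assuming Python's standard sqlite3 module (which uses ? placeholders) and an in-memory database. The helper names and sample values are constructed for illustration. It shows an insert built by string formatting failing on a value that contains a quote, while the parameterized form stores every value unchanged.

```python
import hashlib
import sqlite3

# Constructed sample values (not from the original thread).
B64_VALUE = "3q2+7w=="          # base64 text: happens to be safe inside quotes
QUOTED_VALUE = "it's"           # contains a quote character
RAW_DIGEST = hashlib.sha256(b"constructed sample").digest()  # raw bytes


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table hashes (hash)")
    return conn


def insert_by_formatting(conn, value):
    # The pattern being warned against: the value becomes part of the SQL text,
    # so its content decides whether the statement still parses.
    conn.execute("insert into hashes values ('%s')" % value)


def insert_parameterized(conn, value):
    # The SQL text is constant; the driver binds the value separately.
    conn.execute("insert into hashes values (?)", [value])


def stored(conn):
    return [row[0] for row in conn.execute("select hash from hashes order by rowid")]


def demo():
    conn = make_db()
    insert_by_formatting(conn, B64_VALUE)      # works, but only by luck
    try:
        insert_by_formatting(conn, QUOTED_VALUE)
        formatting_failed = False
    except sqlite3.OperationalError:           # the quote ends the literal early
        formatting_failed = True
    for value in (B64_VALUE, QUOTED_VALUE, RAW_DIGEST):
        insert_parameterized(conn, value)      # str and bytes both round-trip
    return formatting_failed, stored(conn)


if __name__ == "__main__":
    failed, rows = demo()
    print("string formatting failed on quoted value:", failed)
    print("rows stored:", rows)
```

Other DB-API drivers use a different placeholder style (for example %s or :name); the module's paramstyle attribute says which.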
