> I hate to ask, but what happens when I enter "a, b, c);DROP DATABASE;" as
> the entry for z_name? (Or some similar attempt to close the
> SQL statement and start a new one). I think you want to google for "SQL
> injection" and think about sanitising user input a bit.

And using the parametrized form of cursor.execute() - which I guess is 
easier to do. But you're right of course, too.

Regards,

Diez
-- 
http://mail.python.org/mailman/listinfo/python-list
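
The two approaches from this thread side by side, as an added example that is not part of the original messages. It assumes Python's built-in sqlite3 module, a hypothetical one-column `zones` table, and a string-built INSERT that interpolates `z_name` directly; the hostile value is the one quoted above.

```python
import sqlite3

# The input quoted in the thread.
HOSTILE = 'a, b, c);DROP DATABASE;'

def make_db():
    # Hypothetical schema: in-memory database with one text column.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE zones (z_name TEXT)")
    return conn

def build_sql_by_formatting(z_name):
    # Anti-pattern: the user's input becomes part of the SQL text itself,
    # so it can close the statement and append another one.
    return "INSERT INTO zones (z_name) VALUES (%s)" % z_name

def insert_formatted(conn, z_name):
    """Run the string-built statement; return the exception name, or None."""
    try:
        conn.execute(build_sql_by_formatting(z_name))
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return type(exc).__name__
    return None

def insert_parametrized(conn, z_name):
    # Parametrized form: the SQL text is fixed and the value is passed
    # separately, so the driver binds it as data and never parses it as SQL.
    conn.execute("INSERT INTO zones (z_name) VALUES (?)", (z_name,))

def stored_names(conn):
    rows = conn.execute("SELECT z_name FROM zones ORDER BY rowid")
    return [row[0] for row in rows]

if __name__ == "__main__":
    conn = make_db()
    # The statement text now holds a finished INSERT plus a second statement.
    print(build_sql_by_formatting(HOSTILE))
    # The input changed the statement's structure; the driver raises.
    print("string-built:", insert_formatted(conn, HOSTILE))
    # The same input, bound as a parameter, is stored verbatim as text.
    insert_parametrized(conn, HOSTILE)
    print("parametrized:", stored_names(conn))
```

The placeholder style depends on the driver's DB-API `paramstyle`: sqlite3 uses `?`, while other drivers use `%s` or named placeholders with the same separate-arguments call.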
