On Mon, Oct 19, 2015 at 3:10 AM, andybrookestar--- via Python-list
wrote:
> I acknowledge the security points & also by the way I omitted using any Try
> Catch statements, because at this stage coming from PHP I was more focused
> on getting a select statement to actually work in Python.
>
Th
I acknowledge the security points & also by the way I omitted using any Try
Catch statements, because at this stage coming from PHP I was more focused on
getting a select statement to actually work in Python.
Also I know the end use will be off line and is part of a Python & Kivy project
to a
andybrookes...@googlemail.com:
> cursor = self.conn.execute("SELECT * from wiki WHERE one LIKE '%s' "%
>self.myString1)
That's really dangerous. See:
<http://stackoverflow.com/questions/309945/how-to-quote-a-string-value-explicitly-python-db-api-psycopg2>
Now,
Cheers Mark,
it was the syntax that was foxing me; I don't like the example of the select
statement via the insecure approach because the writer is adding an element of
ambiguity since the table has a field called and a variable also
called
#modifying my class to
import sqlite3
class do:
On 17/10/2015 20:42, andybrookestar--- via Python-list wrote:
I'm mainly a PHP man but playing with Python recently!
I have a very small class that retrieves data from a very small sqlite3 db called
encyclopedia, which has a table called wiki & two fields called one & two (yes I
know - no imagi
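
Added example (not part of the original thread): the string-formatted query quoted above beside its parameterized form, run against an in-memory stand-in for the `wiki` table. The rows, function names and search terms are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the thread's 'wiki' table (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wiki (one TEXT, two TEXT)")
    conn.executemany(
        "INSERT INTO wiki VALUES (?, ?)",
        [("python", "a language"), ("kivy", "a UI toolkit"), ("O'Brien", "a surname")],
    )
    return conn


def search_formatted(conn, term):
    """Pattern quoted in the thread: the term is pasted into the SQL text."""
    return conn.execute("SELECT * FROM wiki WHERE one LIKE '%s'" % term).fetchall()


def search_bound(conn, term):
    """Parameterized form: the term is bound as data, never parsed as SQL."""
    return conn.execute("SELECT * FROM wiki WHERE one LIKE ?", (term,)).fetchall()


def search_contains(conn, term):
    """Substring search; % and _ inside the term are matched literally."""
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return conn.execute(
        "SELECT * FROM wiki WHERE one LIKE ? ESCAPE '\\'", ("%" + escaped + "%",)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    clause_changing = "x' OR '1'='1"  # constructed input containing a quote
    print("formatted:", search_formatted(conn, clause_changing))  # every row
    print("bound:    ", search_bound(conn, clause_changing))      # no rows
    try:
        search_formatted(conn, "O'Brien")  # an ordinary name breaks the SQL
    except sqlite3.OperationalError as exc:
        print("formatted query failed:", exc)
    print("bound:    ", search_bound(conn, "O'Brien"))
    print("contains: ", search_contains(conn, "iv"))
    print("literal %:", search_contains(conn, "%"))
```

With the bound form, LIKE wildcards still work when they are part of the value passed in; `search_contains` shows how to keep user-typed `%` and `_` from acting as wildcards.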