Re: sqlite3 - adding tables and rows via parameters

2008/4/13, Steve Holden <[EMAIL PROTECTED]>: > > Vlastimil Brom wrote: > > > ... are there any (security > > ...) risks of using string interpolation for table and column names in > the SQL commands? Or > > are the values, where parametrization (with ? in sqlite3) is supported, > > the only vulnera

Re: sqlite3 - adding tables and rows via parameters

Vlastimil Brom wrote: > > 2008/4/12, Steve Holden <[EMAIL PROTECTED] >: > > Vlastimil Brom wrote: > > Hi all, > > I would like to ask about the usage of sqlite3 in python, more > > specifically about a way to pass table > > or column names to a SQ

Re: sqlite3 - adding tables and rows via parameters

2008/4/12, Steve Holden <[EMAIL PROTECTED]>: > > Vlastimil Brom wrote: > > Hi all, > > I would like to ask about the usage of sqlite3 in python, more > > specifically about a way to pass table > > or column names to a SQL commands using parameters. > > > The thing that will stop you from using a ta

Re: sqlite3 - adding tables and rows via parameters

Vlastimil Brom wrote: > Hi all, > I would like to ask about the usage of sqlite3 in python, more > specifically about a way to pass table > or column names to a SQL commands using parameters. > All examples I could find use > the parameter substitution with "?" for values; is it possible the spe

sqlite3 - adding tables and rows via parameters

Hi all, I would like to ask about the usage of sqlite3 in python, more specifically about a way to pass table or column names to a SQL commands using parameters. All examples I could find use the parameter substitution with "?" for values; is it possible the specify table and column names this way?