On Jun 25, 2017 12:05 PM, "Danny Yoo" <danny....@gmail.com> wrote:

> As the other tutors have suggested, look into doing the SQL updates
> directly, rather than format strings of SQL commands.

Ah, here's a good resource:

http://bobby-tables.com

Just to emphasize: the reason I'm pointing this out is to try to
counterbalance the tendency to solve a problem without asking: is this a
good idea in the first place?

The community of database programmers, after long experience with SQL
injection, have learned through much pain and suffering.  Unfortunately,
this knowledge isn't evenly distributed yet.  :)
_______________________________________________
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription options:
https://mail.python.org/mailman/listinfo/tutor
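
The contrast this message describes, as an added example that is not part of the original post: the same UPDATE built with a format string and with placeholders, run against an in-memory SQLite database. The table, function names and sample values are assumptions constructed for illustration.

```python
import sqlite3

# Constructed sample data; the table and names are illustrative assumptions.
ROWS = [("alice", "B"), ("bob", "C"), ("o'brien", "B")]
# Constructed input: the quote ends the string literal early, so the rest
# of the value is read as SQL instead of as a name.
HOSTILE_NAME = "nobody' OR '1'='1"

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (name TEXT PRIMARY KEY, grade TEXT)")
    conn.executemany("INSERT INTO students VALUES (?, ?)", ROWS)
    conn.commit()
    return conn

def update_grade_formatted(conn, name, grade):
    # The pattern being warned against: values pasted into the SQL text.
    sql = "UPDATE students SET grade = '%s' WHERE name = '%s'" % (grade, name)
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount

def update_grade_parameterized(conn, name, grade):
    # Placeholders: the driver passes the values separately from the SQL text.
    cur = conn.execute("UPDATE students SET grade = ? WHERE name = ?", (grade, name))
    conn.commit()
    return cur.rowcount

def grades(conn):
    return dict(conn.execute("SELECT name, grade FROM students"))

if __name__ == "__main__":
    conn = make_db()
    print("formatted, hostile name:", update_grade_formatted(conn, HOSTILE_NAME, "A"), "rows changed")
    print(grades(conn))
    conn = make_db()
    print("parameterized, hostile name:", update_grade_parameterized(conn, HOSTILE_NAME, "A"), "rows changed")
    print("parameterized, o'brien:", update_grade_parameterized(conn, "o'brien", "A"), "row changed")
    try:
        update_grade_formatted(conn, "o'brien", "A")
    except sqlite3.OperationalError as exc:
        print("formatted, o'brien:", exc)
```

The formatted version rewrites every row for the hostile value and fails outright on a legitimate name containing an apostrophe; the parameterized version treats both as plain data.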
