If you pass "raw variables" to DAL's queries, the input is sanitized.

If you instead try to build a query doing cut/paste, e.g. myquery = "select * from table where field = %s" % raw_variable, then it's not sanitized.

On Sunday, February 2, 2014 5:33:02 PM UTC+1, horridohobbyist wrote:
>
> Does web2py have a function or means of "sanitizing" user input in order
> to prevent SQL injection attacks?
>
> Thanks.
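As an added example (not from the thread and not web2py's DAL code), the two query-building styles described above side by side: the cut/paste form splices the raw value into the SQL text, while the bound-parameter form of the standard-library sqlite3 driver is assumed here as a stand-in for the sanitization the DAL applies when it receives raw variables. The table and rows are constructed for the demo.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a web2py-managed table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO person (name) VALUES (?)",
                   [("Alice",), ("O'Brien",)])
    return db


def unsafe_lookup(db, raw_variable):
    """Cut-and-paste query building, as in the post: the value becomes part
    of the SQL text and is NOT sanitized, so a quote in it alters the query."""
    myquery = "SELECT name FROM person WHERE name = '%s'" % raw_variable
    return db.execute(myquery).fetchall()


def safe_lookup(db, raw_variable):
    """Parameter binding: the driver sends the value separately from the SQL,
    so the input is treated as data no matter what characters it holds."""
    return db.execute("SELECT name FROM person WHERE name = ?",
                      (raw_variable,)).fetchall()


def compare(raw_variable):
    """Run both forms on one input and report what each one returns.
    The unsafe form reports the driver error instead of raising it."""
    db = make_db()
    try:
        unsafe = unsafe_lookup(db, raw_variable)
    except sqlite3.OperationalError as exc:
        unsafe = "error: %s" % exc
    safe = safe_lookup(db, raw_variable)
    return unsafe, safe


if __name__ == "__main__":
    # A plain value works either way; a value containing a quote only works
    # with binding, because the spliced version no longer parses as intended.
    for value in ("Alice", "O'Brien"):
        print(repr(value), compare(value))
```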