From: Νίκος
Newsgroups: comp.lang.python
Subject: Re: Updating a filename's counter value failed each time
Date: Mon, 17 Jun 2013 22:30:57 +0300
Organization: GRNET - Greek Research and Technology Network

On 17/6/2013 10:05 PM, Alister wrote:
> You are correct Nicos, passing the values as a parameter list does
> protect you from SQL injection. JT has made an error.

Even if the query is something like:

http://superhost.gr/cgi-bin/files.py?filename="Select....."

From what exactly does the comma protect me?

What if the user passes data to the filename variable through the URL?
Will the comma understand that?
How can it tell a normal filename from a select statement acting as a
filename value?

-- 
What is now proved was at first only imagined!
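
The difference the thread is discussing, as an added example that is not part of the original post or the poster's script: the same filename value is pasted into the SQL text in one function and passed as a separate parameter in the other. Python's built-in sqlite3 (placeholder `?`) stands in for the poster's database driver, and the `files` table, its columns and the sample values are constructed assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE files (filename TEXT PRIMARY KEY, hits INTEGER)")
    db.executemany("INSERT INTO files VALUES (?, ?)",
                   [("report.pdf", 3), ("notes.txt", 7)])
    return db

def hits_formatted(db, filename):
    # Unsafe: the value becomes part of the SQL text before the database
    # parses it, so a quote inside the value is read as SQL syntax.
    sql = "SELECT filename, hits FROM files WHERE filename = '%s'" % filename
    return db.execute(sql).fetchall()

def hits_bound(db, filename):
    # Safe: the SQL text is fixed. The value is handed over separately
    # (the tuple after the comma) and is only ever compared as a string.
    sql = "SELECT filename, hits FROM files WHERE filename = ?"
    return db.execute(sql, (filename,)).fetchall()

def bump_bound(db, filename):
    # Counter update with a bound parameter; returns rows changed.
    cur = db.execute(
        "UPDATE files SET hits = hits + 1 WHERE filename = ?", (filename,))
    return cur.rowcount

if __name__ == "__main__":
    db = make_db()
    # Constructed values, as they might arrive in ?filename=...
    for value in ("report.pdf", "SELECT * FROM files", "x' OR '1'='1"):
        print(repr(value))
        print("  formatted:", hits_formatted(db, value))
        print("  bound:    ", hits_bound(db, value))
        print("  rows updated (bound):", bump_bound(db, value))
```

The binding does not try to recognise whether the value looks like a filename or like a statement; the value never reaches the SQL parser, so whatever it contains is just a string that matches a row or does not.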