Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.lang.python > #35075

Re: Why Doesn't This MySQL Statement Execute?

Date 2012-12-18 16:02 -0600
From Wayne Werner <wayne@waynewerner.com>
Subject Re: Why Doesn't This MySQL Statement Execute?
References <CAAPnF_VFzdcXW8Eg20kn_j0ywvG7CbK+jY3u_0EZjJhR-m4Meg@mail.gmail.com>
Newsgroups comp.lang.python
Message-ID <mailman.1031.1355868222.29569.python-list@python.org> (permalink)

Show all headers | View raw


[Multipart message — attachments visible in raw view] - view raw

On Tue, 18 Dec 2012, Tom Borkin wrote:

> Hi;
> I have this test code:
>  
>     if i_id == "1186":
>       sql = 'insert into interactions values(Null, %s, "Call Back", "%s")' % (i_id, date_plus_2)
>       cursor.execute(sql)
>       db.commit()
>       print sql
> It prints the sql statement, but it doesn't execute. If I copy and paste the sql into the mysql command line it does execute without warnings or errors. What gives?

Does date_plus_2 contain

      "Robert"); DROP TABLE interactions; --

By any chance?
-W

Back to comp.lang.python | Previous | Next | Find similar | Unroll thread


Thread

Re: Why Doesn't This MySQL Statement Execute? Wayne Werner <wayne@waynewerner.com> - 2012-12-18 16:02 -0600

csiph-web