Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.lang.python > #35076

Re: Why Doesn't This MySQL Statement Execute?

References <CAAPnF_VFzdcXW8Eg20kn_j0ywvG7CbK+jY3u_0EZjJhR-m4Meg@mail.gmail.com> <alpine.DEB.2.02.1212181600190.20469@gilgamesh>
Date 2012-12-18 18:28 -0400
Subject Re: Why Doesn't This MySQL Statement Execute?
From Tom Borkin <borkintom@gmail.com>
Newsgroups comp.lang.python
Message-ID <mailman.1032.1355869692.29569.python-list@python.org> (permalink)

Show all headers | View raw


[Multipart message — attachments visible in raw view] - view raw

No (lol). It returns a date as a string: "2012-12-12" for example.
Tom


On Tue, Dec 18, 2012 at 6:02 PM, Wayne Werner <wayne@waynewerner.com> wrote:

> On Tue, 18 Dec 2012, Tom Borkin wrote:
>
>  Hi;
>> I have this test code:
>>
>>     if i_id == "1186":
>>       sql = 'insert into interactions values(Null, %s, "Call Back",
>> "%s")' % (i_id, date_plus_2)
>>       cursor.execute(sql)
>>       db.commit()
>>       print sql
>> It prints the sql statement, but it doesn't execute. If I copy and paste
>> the sql into the mysql command line it does execute without warnings or
>> errors. What gives?
>>
>
> Does date_plus_2 contain
>
>      "Robert"); DROP TABLE interactions; --
>
> By any chance?
> -W

Back to comp.lang.python | Previous | Next | Find similar | Unroll thread


Thread

Re: Why Doesn't This MySQL Statement Execute? Tom Borkin <borkintom@gmail.com> - 2012-12-18 18:28 -0400

csiph-web