From: Tom Borkin
To: Wayne Werner
Cc: python-list@python.org
Newsgroups: comp.lang.python
Date: Tue, 18 Dec 2012 18:28:09 -0400
Subject: Re: Why Doesn't This MySQL Statement Execute?

No (lol). It returns a date as a string: "2012-12-12" for example.
Tom

On Tue, Dec 18, 2012 at 6:02 PM, Wayne Werner wrote:
> On Tue, 18 Dec 2012, Tom Borkin wrote:
>
>> Hi;
>> I have this test code:
>>
>>    if i_id == "1186":
>>      sql = 'insert into interactions values(Null, %s, "Call Back", "%s")' % (i_id, date_plus_2)
>>      cursor.execute(sql)
>>      db.commit()
>>      print sql
>> It prints the sql statement, but it doesn't execute. If I copy and paste
>> the sql into the mysql command line it does execute without warnings or
>> errors. What gives?
>
> Does date_plus_2 contain
>
>     "Robert"); DROP TABLE interactions; --
>
> By any chance?
> -W
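The quoted reply asks what happens when date_plus_2 carries SQL syntax. The sketch below is an added example, not code from the thread: it runs the post's string-formatted insert next to a placeholder-based insert, using the value from the reply. It assumes an in-memory sqlite3 database as an offline stand-in for the poster's MySQL connection, and the table's column names are invented.

```python
import sqlite3

# Value quoted from the reply above; everything else here is constructed.
HOSTILE = '"Robert"); DROP TABLE interactions; --'

def make_db():
    """In-memory stand-in for the poster's MySQL table (column names assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE interactions ("
                 "id INTEGER PRIMARY KEY, i_id INTEGER, kind TEXT, due TEXT)")
    return conn

def insert_interpolated(conn, i_id, date_plus_2):
    """The pattern from the post: the value is pasted into the SQL text."""
    sql = 'insert into interactions values(Null, %s, "Call Back", "%s")' % (
        i_id, date_plus_2)
    try:
        conn.execute(sql)
        conn.commit()
        return True
    except (sqlite3.Error, sqlite3.Warning):
        # The quote inside the value ended the string literal early, so the
        # rest of the value was parsed as SQL and the statement was rejected.
        conn.rollback()
        return False

def insert_parameterized(conn, i_id, date_plus_2):
    """Placeholders: each value is bound as data and never parsed as SQL.
    sqlite3 uses ?; MySQLdb uses %s with the values as execute()'s 2nd argument."""
    conn.execute("INSERT INTO interactions VALUES (NULL, ?, ?, ?)",
                 (i_id, "Call Back", date_plus_2))
    conn.commit()
    return True

def stored_dates(conn):
    """Return the stored date column in insertion order."""
    return [row[0] for row in conn.execute("SELECT due FROM interactions ORDER BY id")]

if __name__ == "__main__":
    conn = make_db()
    print(insert_parameterized(conn, "1186", "2012-12-12"), stored_dates(conn))
    print(insert_interpolated(conn, "1186", HOSTILE), stored_dates(conn))
    print(insert_parameterized(conn, "1186", HOSTILE), stored_dates(conn))
```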