From: Mark Lawrence
To: python-list@python.org
Newsgroups: comp.lang.python
Subject: Re: 'Lite' Databases (Re: sqlite3 and dates)
Date: Thu, 19 Feb 2015 05:32:31 +0000
References: <4154cc37-0bb0-4bf2-a52c-b728c737357c@googlegroups.com> <54E517B4.4000409@stoneleaf.us>

On 19/02/2015 00:08, Mario Figueiredo wrote:
>
> Parameterized queries are just a pet peeve of mine that I wish to
> include here. SQLite misses it and I miss the fact SQLite misses it.
> The less SQL one needs to write in their code, the happier one should
> be.
>

https://docs.python.org/3/library/sqlite3.html#module-sqlite3 paragraphs seven and eight.

"Usually your SQL operations will need to use values from Python variables. You shouldn’t assemble your query using Python’s string operations because doing so is insecure; it makes your program vulnerable to an SQL injection attack (see http://xkcd.com/327/ for humorous example of what can go wrong). Instead, use the DB-API’s parameter substitution. Put ? as a placeholder wherever you want to use a value, and then provide a tuple of values as the second argument to the cursor’s execute() method. (Other database modules may use a different placeholder, such as %s or :1.) For example:..."

--
My fellow Pythonistas, ask not what our language can do for you, ask
what you can do for our language.

Mark Lawrence
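An added example (not from the post or from the sqlite3 docs) of the two approaches the quoted paragraph contrasts, run against an in-memory sqlite3 database with constructed rows; the table, function names and sample data are mine. It also shows the named `:name` placeholder style that sqlite3 accepts alongside `?`.

```python
import sqlite3

# Constructed sample data for this demo (not from the original post).
SAMPLE_USERS = [("alice", "2015-02-19"), ("O'Brien", "2015-02-18")]

def make_db():
    """In-memory database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, joined TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn

def find_user_unsafe(conn, name):
    """The anti-pattern the docs warn about: the value is spliced into the
    SQL text with string formatting, so any quote in `name` becomes SQL."""
    sql = "SELECT name, joined FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()

def find_user_safe(conn, name):
    """DB-API parameter substitution: `?` marks where the value goes and the
    value travels separately in a tuple, so it is never parsed as SQL."""
    sql = "SELECT name, joined FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def find_user_named(conn, name):
    """sqlite3 also accepts named placeholders with a mapping as the argument."""
    sql = "SELECT name, joined FROM users WHERE name = :name"
    return conn.execute(sql, {"name": name}).fetchall()

def demo():
    """Look up a name containing an apostrophe with all three variants."""
    conn = make_db()
    results = {}
    results["safe"] = find_user_safe(conn, "O'Brien")
    results["named"] = find_user_named(conn, "O'Brien")
    try:
        results["unsafe"] = find_user_unsafe(conn, "O'Brien")
    except sqlite3.OperationalError as exc:
        # The stray quote breaks the statement here; with other input it
        # would change the query's meaning instead of crashing it.
        results["unsafe"] = "OperationalError: %s" % exc
    return results

if __name__ == "__main__":
    for variant, value in demo().items():
        print(variant, value)
```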