Re: Why 'files.py' does not print the filenames into a table format?

References <kpifru$3kp$3@news.ntua.gr> <mailman.3401.1371325647.3114.python-list@python.org> <kpigkm$1j17$1@news.ntua.gr> <BCCFA72E-13C7-4A2C-A73B-BB40F263F537@schollnick.net>
Date 2013-06-16 08:51 +1000
Subject Re: Why 'files.py' does not print the filenames into a table format?
From Chris Angelico <rosuav@gmail.com>
Newsgroups comp.lang.python
Message-ID <mailman.3416.1371336710.3114.python-list@python.org> (permalink)


On Sun, Jun 16, 2013 at 6:29 AM, Benjamin Schollnick
<benjamin@schollnick.net> wrote:
> cur.execute('''SELECT ID FROM counters WHERE url = %s''', page )
> cur.execute('''INSERT INTO counters (url) VALUES (%s)''', page )
>
> Sure, whoever wrote that code is a fool.
>
> http://xkcd.com/327/
>
> They didn't sanitize your database inputs.

I assume you're talking about the above two lines of code? They're not
SQL injection targets. The clue is that the %s isn't in quotes. This
is an out-of-band argument passing method (actually, since he's using
MySQL (IIRC), it's probably just going to escape it and pass it on
through, but it comes to the same thing), so it's safe.

ChrisA
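
The distinction drawn in the reply above, as an added example that is not part of the original post: an unquoted placeholder whose value is handed to the driver separately, next to a quoted `'%s'` filled in by Python's `%` operator. It uses the standard-library `sqlite3` module (placeholder `?`) as a stand-in for the thread's MySQL driver (placeholder `%s`); the table schema, sample rows and input string are constructed for the example.

```python
import sqlite3

# Constructed input: a page name containing a quote and SQL syntax.
HOSTILE_PAGE = "x' OR '1'='1"

def make_db():
    """In-memory stand-in for the thread's `counters` table (schema assumed)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE counters (ID INTEGER PRIMARY KEY, url TEXT)")
    con.executemany("INSERT INTO counters (url) VALUES (?)",
                    [("index.html",), ("files.py",)])
    return con

def lookup_bound(con, page):
    """Placeholder is unquoted; the value travels separately from the SQL text."""
    cur = con.execute("SELECT ID FROM counters WHERE url = ?", (page,))
    return [row[0] for row in cur.fetchall()]

def lookup_interpolated(con, page):
    """Anti-pattern for contrast: Python's % operator builds the SQL text itself."""
    sql = "SELECT ID FROM counters WHERE url = '%s'" % page
    cur = con.execute(sql)
    return [row[0] for row in cur.fetchall()]

def insert_bound(con, page):
    """Bound INSERT: the value is stored exactly as given, whatever it contains."""
    con.execute("INSERT INTO counters (url) VALUES (?)", (page,))
    cur = con.execute("SELECT url FROM counters WHERE url = ?", (page,))
    return cur.fetchone()[0]

if __name__ == "__main__":
    con = make_db()
    print("bound       :", lookup_bound(con, HOSTILE_PAGE))         # no row matches
    print("interpolated:", lookup_interpolated(con, HOSTILE_PAGE))  # every row matches
    print("stored as   :", insert_bound(con, HOSTILE_PAGE))         # kept as plain data
```

With the bound form the whole string is compared against `url` as one value; with the interpolated form the quote inside the input ends the literal and the rest is parsed as SQL.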
