Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #19879
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!weretis.net!feeder1.news.weretis.net!feeder.erje.net!newsfeed.xs4all.nl!newsfeed5.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <chris@rebertia.com> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.036 |
| X-Spam-Evidence | '*H*': 0.93; '*S*': 0.00; 'corresponds': 0.09; 'query,': 0.09; '(%s,': 0.16; 'subject:hyphen': 0.16; 'cc:addr :python-list': 0.16; 'syntax': 0.16; 'wrote:': 0.18; 'subject:not': 0.19; 'cheers,': 0.20; 'cc:no real name:2**0': 0.21; 'header:In-Reply-To:1': 0.22; 'feb': 0.22; 'received:209.85.220': 0.25; 'cc:2**0': 0.26; 'noticed': 0.26; 'all,': 0.27; 'message-id:@mail.gmail.com': 0.29; 'cc:addr:python.org': 0.29; 'pm,': 0.29; 'server': 0.30; 'sun,': 0.30; 'chris': 0.30; 'error': 0.30; 'version': 0.32; 'values': 0.32; 'go.': 0.32; "can't": 0.33; '"we': 0.34; 'something': 0.35; '"you': 0.37; 'received:google.com': 0.37; 'received:209.85': 0.38; 'received:209': 0.39; 'raw': 0.40; 'your': 0.61; 'below:': 0.80; '("we': 0.84; 'injection': 0.84; 'sender:addr:chris': 0.84 |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=rebertia.com; s=google; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=CcSm5INzDaRKd3IGOnksvLop7cF6XY8Lm1G6uu80elE=; b=D2L66u4dDMb0RHwtCqYTPNRCMrFaYIjSNP6yUIXETwMH8+npyLVFj/zArVIfZnekES 8KmWDLzwF30NBz0BrtdZWx2rWePYftc4L0yJU1Q2LYQrE+QutsRT0gB1YPCSD3VjteO8 2wNlgRARBmle670pMxcHZq0PFDqfDF4gZMFpc= |
| MIME-Version | 1.0 |
| Sender | chris@rebertia.com |
| In-Reply-To | <CAOypoo5Y8cOB015ngO9K7UEqu0AEdRPGuhpzrjZuXjE+nbh-uw@mail.gmail.com> |
| References | <CAOypoo5Y8cOB015ngO9K7UEqu0AEdRPGuhpzrjZuXjE+nbh-uw@mail.gmail.com> |
| Date | Sun, 5 Feb 2012 14:46:36 -0800 |
| X-Google-Sender-Auth | 1A0HHaMSivEtHN9GqbW3VTS73no |
| Subject | Re: MySQLdb not allowing hyphen |
| From | Chris Rebert <clp2@rebertia.com> |
| To | Emeka <emekamicro@gmail.com> |
| Content-Type | text/plain; charset=UTF-8 |
| Content-Transfer-Encoding | quoted-printable |
| Cc | python-list@python.org |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.12 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.5458.1328481998.27778.python-list@python.org> (permalink) |
| Lines | 27 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1328481998 news.xs4all.nl 6945 [2001:888:2000:d::a6]:56524 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | x330-a1.tempe.blueboxinc.net comp.lang.python:19879 |
Show key headers only | View raw
On Sun, Feb 5, 2012 at 2:41 PM, Emeka <emekamicro@gmail.com> wrote:
>
> Hello All,
>
> I noticed that MySQLdb not allowing hyphen may be way to prevent injection
> attack.
> I have something like below:
>
> "insert into reviews(message, title)values('%s', '%s')" %( "We don't know
> where to go","We can't wait till morrow" )
>
> ProgrammingError(1064, "You have an error in your SQL syntax; check the
> manual that corresponds to your MySQL server version for the right syntax to
> use near 't know where to go.
>
> How do I work around this error?
Don't use raw SQL strings in the first place. Use a proper
parameterized query, e.g.:
cursor.execute("insert into reviews(message, title) values (%s, %s)",
("We don't know where to go", "We can't wait till morrow"))
Cheers,
Chris
Back to comp.lang.python | Previous | Next — Next in thread | Find similar | Unroll thread
Re: MySQLdb not allowing hyphen Chris Rebert <clp2@rebertia.com> - 2012-02-05 14:46 -0800 Re: MySQLdb not allowing hyphen John Nagle <nagle@animats.com> - 2012-02-08 11:41 -0800
csiph-web