I've been researching SQL injection attacks (partly because I want to understand the attack, but mostly because it's cropped up in a few recent threads) and from what I can gather, the danger (for want of a better noun) seems to be from user inputs and as such a function to sanitize said input would mitigate the danger and do away with all of this messing about with placeholders in the cursor.execute() command, no?
What am I missing, if anything?
Sig:
>>> import this
The UNIX philosophy: "Do one thing, and do it well."
"The danger of computers becoming like humans is not as great as the danger of humans becoming like computers." :~ Konrad Zuse
"Everything should be made as simple as possible, but not simpler." :~ Albert Einstein
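An added example, not part of the original post: it compares a hand-rolled sanitizing function with a placeholder in cursor.execute(), using sqlite3 from the standard library. The sanitize() helper, the users table and its rows are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table for the comparison."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "O'Brien")])
    return db

def sanitize(value):
    """Hypothetical sanitizer of the kind the post proposes: doubles quotes."""
    return str(value).replace("'", "''")

def lookup_sanitized(db, user_id):
    # The cleaned text is still pasted into the statement. This slot is
    # numeric and unquoted, so quote-doubling has nothing to act on and
    # the database parses whatever text arrives as SQL.
    sql = "SELECT name FROM users WHERE id = " + sanitize(user_id)
    return [row[0] for row in db.execute(sql)]

def lookup_placeholder(db, user_id):
    # The statement is fixed; the value is bound separately and is only
    # ever compared as data, never parsed as SQL.
    cur = db.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return [row[0] for row in cur]

def lookup_name_placeholder(db, name):
    # Legitimate data containing a quote needs no special handling either.
    cur = db.execute("SELECT id FROM users WHERE name = ?", (name,))
    return [row[0] for row in cur]

if __name__ == "__main__":
    db = make_db()
    odd_input = "2 OR 1=1"  # constructed input that contains no quote at all
    print("sanitized  :", lookup_sanitized(db, odd_input))
    print("placeholder:", lookup_placeholder(db, odd_input))
    print("by name    :", lookup_name_placeholder(db, "O'Brien"))
```

The sanitizer has to be correct for every context a value can land in (quoted string, number, identifier, LIKE pattern), while the placeholder never lets the value reach the SQL parser.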