Aug-14-2017, 06:29 PM
(May-28-2017, 10:25 AM)Milo Wrote: Ok so I had a quick look at it again and the below seems to work as expected.
Well, no. That's using string formatting and manual quoting, which bypasses mysql's sanitation. So it works, but only if nobody ever tries to break your database.
This is the way you should be doing it:
cursor.execute("INSERT INTO schedule (gid) VALUES (%s)", (value, ))
More examples can be found in the docs: https://dev.mysql.com/doc/connector-pyth...elect.html
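The difference between the two approaches, as an added example that is not part of the original post: it uses the standard-library sqlite3 module so it runs without a MySQL server, which means the placeholder is `?` rather than Connector/Python's `%s`. The helper names and the sample values are constructed for illustration.

```python
import sqlite3


def new_db():
    # In-memory stand-in for the schedule table from the thread (assumed schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE schedule (gid TEXT)")
    return conn


def insert_formatted(conn, value):
    # String formatting with manual quoting: the value becomes part of the SQL text.
    conn.execute("INSERT INTO schedule (gid) VALUES ('%s')" % value)


def insert_parameterized(conn, value):
    # Placeholder plus a parameter tuple: the driver passes the value as data.
    conn.execute("INSERT INTO schedule (gid) VALUES (?)", (value,))


def rows(conn):
    return [r[0] for r in conn.execute("SELECT gid FROM schedule ORDER BY rowid")]


def compare(value):
    # Run the same value through both insert styles on fresh databases.
    results = {}
    for name, insert in (("formatted", insert_formatted),
                         ("parameterized", insert_parameterized)):
        conn = new_db()
        try:
            insert(conn, value)
            results[name] = rows(conn)
        except sqlite3.Error as exc:
            results[name] = "error: %s" % type(exc).__name__
        finally:
            conn.close()
    return results


# Constructed sample values: a plain id, a name with an apostrophe,
# and a value whose quote closes the hand-written literal early.
SAMPLES = ["42", "O'Brien", "x'), ('y"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), compare(sample))
```

With the formatted insert, the apostrophe in the second sample produces a syntax error and the third sample is stored as two rows instead of one; the parameterized insert stores every sample verbatim as a single row.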