[Twisted-web] Re: Nevow + adbapi
Matt Goodall
matt at pollenation.net
Thu Mar 10 17:15:48 MST 2005
On Thu, 2005-03-10 at 17:59 -0600, Luis N wrote:
> Google is my friend.
OK, so you found the answer just as I hit send ;-).
>
> def words(ctx, data):
>     return dbpool.runQuery("SELECT english FROM lang WHERE spanish LIKE '%s'" % data)
This is bad. You should not use Python's string formatting to build
queries - pass the queries args as a tuple and let the database module
prepare the query:
    return dbpool.runQuery(
        "SELECT english FROM lang WHERE spanish LIKE %s",
        (data,))
In particular, this lets the database module correctly quote ''data''
and protects you from SQL insertion problems.
- Matt
>
> class PData(rend.Page):
>     addSlash = True
>     docFactory = loaders.stan(tags.html[
>         tags.div(data="hola")[ words ]])
>
> _______________________________________________
> Twisted-web mailing list
> Twisted-web at twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web
--
__
/ \__ Matt Goodall, Pollenation Internet Ltd
\__/ \ w: http://www.pollenation.net
__/ \__/ e: matt at pollenation.net
/ \__/ \ t: +44 (0)113 2252500
\__/ \__/
/ \ Any views expressed are my own and do not necessarily
\__/ reflect the views of my employer.
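Added example (not from the thread above, and not Nevow or Twisted code): the difference Matt is pointing at, shown with the standard-library sqlite3 DB-API module instead of adbapi so it runs offline. adbapi's ConnectionPool.runQuery(sql, args) hands args straight to the DB-API cursor's execute(), so the behaviour is the same; the only difference is the placeholder, which is ? for sqlite3 and %s for psycopg2/MySQLdb as in Matt's snippet. The table contents, the second "secrets" table and the payloads are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample schema: the lang table from the thread plus an
    unrelated table an attacker would like to read."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE lang (spanish TEXT, english TEXT)")
    conn.executemany(
        "INSERT INTO lang VALUES (?, ?)",
        [("hola", "hello"), ("adios", "goodbye"), ("gato", "cat")],
    )
    conn.execute("CREATE TABLE secrets (token TEXT)")
    conn.execute("INSERT INTO secrets VALUES ('s3cr3t-token')")
    conn.commit()
    return conn


def words_unsafe(conn, data):
    """Same shape as the original renderer: the user-supplied value is
    spliced into the SQL text with % formatting, so it can terminate the
    string literal and append arbitrary SQL."""
    sql = "SELECT english FROM lang WHERE spanish LIKE '%s'" % data
    return [row[0] for row in conn.execute(sql)]


def words_safe(conn, data):
    """Matt's fix: pass the value as a parameter tuple and let the DB-API
    module bind it. The value is never interpreted as SQL, so quotes and
    comment markers inside it are harmless."""
    sql = "SELECT english FROM lang WHERE spanish LIKE ?"  # %s with psycopg2/MySQLdb
    return [row[0] for row in conn.execute(sql, (data,))]


def query_fails(func, conn, data):
    """True if the query raises a SQL syntax error, which is how a lone
    apostrophe in otherwise honest input breaks the formatted version."""
    try:
        func(conn, data)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    payload = "' UNION SELECT token FROM secrets --"
    print("benign, unsafe:", words_unsafe(db, "hola"))
    print("benign, safe:  ", words_safe(db, "hola"))
    print("payload, unsafe:", words_unsafe(db, payload))   # leaks the token
    print("payload, safe:  ", words_safe(db, payload))     # no rows
    print("apostrophe breaks unsafe:", query_fails(words_unsafe, db, "o'hara"))
    print("apostrophe fine in safe: ", query_fails(words_safe, db, "o'hara"))
```

Note that binding the parameter fixes the injection but does not change what LIKE does: a value of "%" still matches every row, so if the input is meant to be an exact word, either escape % and _ or compare with = instead.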