[Twisted-web] pgasync (was: /freeform_post!!random causes exceptions)

J Turner jamwt-twistedlist at jamwt.com
Fri Feb 18 11:02:14 MST 2005


On Fri, Feb 18, 2005 at 03:48:57AM +0100, Andrea Arcangeli wrote:
> On Thu, Feb 17, 2005 at 01:27:30PM -0600, J Turner wrote:
> > It's not trivial to determine whether or not something gets resolved.  If
> > it's a keyword argument situation, then I need to search the format
> > string for some variation of %(keyword)s.  If it's just tuple-style,
> > then I need to count the number of %s/d/whatevers and determine whether
> > or not it's beyond the limit.
> > 
> > This seems ugly, and needlessly expensive for a corner case; I think the
> > right answer is, only pass things to format() that are intended to be
> > formatted and made safe for insertion into SQL.
>
> So my suggestion is not to give it up, but to try to convert to string,
> and format it like string if __str__ did its job.

This makes sense.  I was hesitant to "just str()" it because the whole
point of format() (or, at least, the biggest point) is that it makes
things safely escaped for insertion into a SQL statement--no malicious
injection.

If I did it the way you suggest, however, and do something like
STRING(str(unknown_thing)) so that it was sure to be escaped properly,
that seems like it would be a useful thing.

 - Jamie
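What the thread converges on is a formatter that escapes every argument before substitution, with unknown objects reduced to str() and then escaped like any other string. The following is an added example of that approach; it is not pgasync's own code (the thread shows none), and every name in it (quote_literal, sql_format, SqlString, Unknown, demo) is an assumption of this example rather than a pgasync API. Quoting follows PostgreSQL's rules: single quotes doubled, and an E'' literal with doubled backslashes when a backslash is present.

```python
"""Added example: an escaping SQL formatter in the style the thread describes.
Not pgasync's code; all names here (quote_literal, sql_format, SqlString,
Unknown, demo) are assumptions of this example, not a real pgasync API."""
import datetime
import decimal
import math


class SqlString:
    """Text that is already safe SQL: the output of quote_literal, or a
    fragment the caller vouches for.  sql_format passes it through untouched,
    so it is the one thing that must never be built from untrusted input."""

    __slots__ = ("text",)

    def __init__(self, text):
        self.text = text

    def __str__(self):
        return self.text


def quote_literal(value):
    """Escape one Python value as a PostgreSQL literal and return a SqlString.

    Known scalar types get their natural SQL spelling.  Anything else is
    str()'d and then escaped like a string: an unknown object may fall back
    to text, but never to raw, unescaped text (the thread's conclusion)."""
    if isinstance(value, SqlString):
        return value
    if value is None:
        return SqlString("NULL")
    if isinstance(value, bool):              # checked before int: bool is an int
        return SqlString("TRUE" if value else "FALSE")
    if isinstance(value, float) and not math.isfinite(value):
        raise ValueError("non-finite float has no SQL literal here")
    if isinstance(value, (int, float, decimal.Decimal)):
        return SqlString(str(value))          # str(), not repr(): no Decimal('..')
    if isinstance(value, (datetime.date, datetime.datetime, datetime.time)):
        text = value.isoformat()
    else:
        text = str(value)                     # the str()-then-escape fallback
    if "\x00" in text:
        # PostgreSQL rejects NUL inside a string literal; fail loudly rather
        # than hand a truncated literal to the server.
        raise ValueError("NUL byte in SQL string literal")
    body = text.replace("'", "''")            # standard SQL quote doubling
    if "\\" in body:
        # Backslash is an escape character in E'' strings, so double it and
        # use the E prefix, which is read the same way regardless of the
        # server's standard_conforming_strings setting.
        return SqlString("E'" + body.replace("\\", "\\\\") + "'")
    return SqlString("'" + body + "'")


def sql_format(template, params):
    """Substitute params into template after escaping every one of them.

    Because every parameter is escaped before Python's % operator sees it,
    there is no need to work out which %s or %(name)s placeholders the
    template actually consumes; an unused parameter is simply unused.
    Use %s placeholders only: escaped values are strings, so %d would fail."""
    if isinstance(params, dict):
        safe = {k: quote_literal(v) for k, v in params.items()}
    elif isinstance(params, (tuple, list)):
        safe = tuple(quote_literal(v) for v in params)
    else:
        safe = (quote_literal(params),)
    return template % safe


class Unknown:
    """A type quote_literal knows nothing about; only its __str__ matters."""

    def __str__(self):
        return "tag='x'"


def demo():
    """Three statements built from constructed input, including an injection
    attempt and an object of unknown type."""
    return (
        sql_format("SELECT id FROM users WHERE name = %s AND active = %s",
                   ("O'Brien", True)),
        sql_format("SELECT id FROM users WHERE name = %(name)s",
                   {"name": "x' OR '1'='1"}),
        sql_format("INSERT INTO notes (body, created) VALUES (%s, %s)",
                   (Unknown(), datetime.date(2005, 2, 18))),
    )


if __name__ == "__main__":
    for statement in demo():
        print(statement)
```

The injection attempt in the second statement comes out as the literal `'x'' OR ''1''=''1'`, and the unknown object in the third is reduced to `'tag=''x'''`, so neither can change the statement's structure. Two caveats a practitioner would want: the E'' prefix is PostgreSQL-specific, and client-side escaping is only as good as its match with the server's quoting rules and encoding, so where a driver can send parameters separately from the statement text, that is the safer option.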
