MySQLdb not allowing hyphen
Chris Rebert
clp2 at rebertia.com
Sun Feb 5 17:46:36 EST 2012
More information about the Python-list mailing list
On Sun, Feb 5, 2012 at 2:41 PM, Emeka <emekamicro at gmail.com> wrote:
>
> Hello All,
>
> I noticed that MySQLdb not allowing hyphen may be way to prevent injection
> attack.
> I have something like below:
>
> "insert into reviews(message, title)values('%s', '%s')" %( "We don't know
> where to go","We can't wait till morrow" )
>
> ProgrammingError(1064, "You have an error in your SQL syntax; check the
> manual that corresponds to your MySQL server version for the right syntax to
> use near 't know where to go.
>
> How do I work around this error?

Don't use raw SQL strings in the first place. Use a proper
parameterized query, e.g.:

    cursor.execute("insert into reviews(message, title) values (%s, %s)",
                   ("We don't know where to go", "We can't wait till morrow"))

Cheers,
Chris
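The difference between the two query styles in this thread, as an added example that is not part of the original post. It assumes the standard-library sqlite3 module as a stand-in for MySQLdb so that it runs without a server; sqlite3 spells the placeholder ? where MySQLdb spells it %s, and the function names and the second and third sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; the first pair is the one from the thread.
REVIEWS = [
    ("We don't know where to go", "We can't wait till morrow"),
    ("it's 100% fine", "percent signs and 'quotes' together"),
    ("semi;colon -- and 'quotes'", "SQL-looking text stays plain data"),
]


def new_db():
    """In-memory database with the reviews table used in the thread."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reviews (message TEXT, title TEXT)")
    return conn


def insert_interpolated(conn, message, title):
    """Pattern from the question: values are pasted into the SQL text.

    Returns the driver's error message, or None if the insert succeeded.
    """
    sql = "insert into reviews(message, title) values('%s', '%s')" % (message, title)
    try:
        conn.execute(sql)
        return None
    except sqlite3.Error as exc:
        # The apostrophe in the value closed the string literal early.
        return str(exc)


def insert_parameterized(conn, rows):
    """Pattern from the reply: SQL text and values are passed separately.

    Returns every stored row so the caller can compare it with the input.
    """
    # Assumption: sqlite3 stand-in, so the placeholder is ?; with MySQLdb
    # the same position holds an unquoted %s and the tuple is the 2nd argument.
    conn.executemany("insert into reviews(message, title) values (?, ?)", rows)
    return conn.execute(
        "SELECT message, title FROM reviews ORDER BY rowid"
    ).fetchall()


if __name__ == "__main__":
    conn = new_db()
    print("interpolated:", insert_interpolated(conn, *REVIEWS[0]))
    for row in insert_parameterized(conn, REVIEWS):
        print("stored:", row)
```

The placeholders are never wrapped in quotes: the driver handles quoting, so the stored rows come back byte-for-byte identical to the input.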