Message 161896 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	petri.lehtinen
Recipients	eric.araujo, illume, loewis, petri.lehtinen
Date	2012年05月29日.16:22:00
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1338308521.41.0.804547741989.issue11685@psf.upfronthosting.co.za>

Content
No SQL library that I know of provides a way to escape table names. The quoting functions are always meant to escape string parameters. This is true for sqlite3_mprintf(), too (the %q and %Q options). If you build table names from user input, your database design is somehow flawed.

Content

No SQL library that I know of provides a way to escape table names. The quoting functions are always meant to escape string parameters. This is true for sqlite3_mprintf(), too (the %q and %Q options).
If you build table names from user input, your database design is somehow flawed.

History
Date	User	Action	Args
2012年05月29日 16:22:01	petri.lehtinen	set	recipients: + petri.lehtinen, loewis, illume, eric.araujo
2012年05月29日 16:22:01	petri.lehtinen	set	messageid: <1338308521.41.0.804547741989.issue11685@psf.upfronthosting.co.za>
2012年05月29日 16:22:00	petri.lehtinen	link	issue11685 messages
2012年05月29日 16:22:00	petri.lehtinen	create

homepage